Under Turkish law, certain financial institutions (e.g., payment and electronic money institutions and system operators) are required to obtain one single permit to be authorized to operate in Türkiye. In contrast, others (e.g., banks, insurance companies, private pension companies and brokerage firms) are required to obtain both incorporation and operation licenses.

An applicant for an operation license must undergo a formal process to obtain authorization, which involves completing and submitting required application documents, forms, undertakings and supporting information. The BRSA, the CMB, the IRSA or the Central Bank may require additional documents from applicants if necessary.

In most cases, the regulator responds to the applicant within three to six months from receipt of the complete application. This period can be extended, depending on the regulator’s assessment and satisfaction with the applicant’s documents.

The documents, forms, undertakings and supporting information required will depend on the nature of the regulated activities being conducted. Generally, however, a financial institution must satisfy the following conditions to obtain an operation license:

1. Required capital – The minimum required capital (or any higher amount the regulator deems necessary) must be fully paid in cash, and shares must be issued in registered form (nama yazılı). Any other payable fees or contributions to the government must also be paid before obtaining the license.
2. Corporate governance – A financial institution must comply with the corporate governance requirements set by its regulator, such as having a certain number of independent board members and publishing quarterly and annual reports.
3. Internal systems – A financial institution must set up required internal systems, such as internal control, internal audit, and risk management systems.
4. Technical infrastructure – A financial institution’s technical infrastructure, such as its IT systems, must be in place to carry out its activities and protect customer privacy and other confidentiality requirements.
5. Personnel requirements and qualifications – A financial institution must have an adequate number of personnel with sufficient qualifications. Directors, managers and other designated officers, such as portfolio manager and internal control director, must meet certain qualifications depending on the financial institution. The applicant will need to submit forms providing information that enables the regulator to assess their fitness and propriety to perform their roles.

There are no regulatory sandboxes in operation in Türkiye and fintechs are not exempt from authorization requirements.