Who is the Interface Provider?
An interface provider is a specialized business entity that facilitates seamless access to banking services for customers through innovative digital platforms. An interface provider, as defined in the Regulation on the Operating Principles of Digital Banks and Banking as a Service Model, is a business established as a capital company. By leveraging advanced technology, interface providers enable users to perform a wide range of banking transactions via mobile applications or internet browser-based interfaces. These providers act as intermediaries, connecting customers with service banks that offer banking as a service model, ensuring secure, efficient, and user-friendly financial services. Interface providers play a crucial role in enhancing financial inclusion and accessibility, making banking services more convenient and accessible to a broader audience.
They are considered outsourcing institutions when mediating the establishment of a contractual relationship between the service bank and the customer or enabling the provision of banking services through their interface.
The service bank and the interface provider are jointly responsible for ensuring compliance with authentication and transaction security obligations.
The interface provider must also comply with specific data processing and confidentiality requirements, and their systems must be subject to audit and approval by the Banking Regulation and Supervision Board.
Who is the Service Bank?
What are the Key Provisions and Requirements for a Service Banking Interface Provider?
To become an interface provider, there are several key provisions and requirements that must be met according to the Regulation. Here are the key provisions and headlines:
- Service Agreement with a Service Bank:
- The interface provider must establish a contractual relationship with a service bank.
- Regulatory Compliance:
- The interface provider must comply with the security criteria included in the Regulation on Information Systems and Electronic Banking Services of Banks (BSEBY).
- The interface provider must ensure that its systems meet the authentication and transaction security obligations set forth in BSEBY.
- Customer Contractual Relationship:
- A contractual relationship must be established between the customer and the service bank in accordance with Article 76 of the Banking Law, 5411.
- If the contractual relationship is established electronically, the process must comply with the Regulation on Remote Identity Detection Methods (UKTY).
- Outsourcing Institution:
- The interface provider qualifies as an outsourcing institution that provides services to the service bank within the scope of the Outsourcing Regulation.
- The interface provider must not accept deposits or participation funds on behalf of the service bank unless it is a payment service provider.
- Data Security and Confidentiality:
- The interface provider must ensure the confidentiality and security of customer data.
- System and data backups must be kept domestically in Türkiye.
- If cloud computing services are used, they must comply with specific requirements for private or community cloud banking as a service model.
- Information Systems and Audit:
- The interface provider’s information systems must be evaluated for competency by the BRSA’s on-site inspection unit.
- The interface provider may need to provide an audit report on its information systems and controls.
- Disclosure and Transparency:
- The interface provider must clearly state that it is not a bank or payment service provider if it has not obtained the necessary operating permissions.
- The service bank’s name, logo, and contact information must be visible on the interface provider’s website and any issued payment instruments.
- Reporting and Notifications:
- The service bank must provide information on the scope of services and list all interface providers it serves on its website.
- Copies of service contracts and any changes must be sent to the BRSA within one week of signing.
- BRSA Board Permissions:
- The interface provider must obtain permission from the Board to provide outsourcing services to the service bank.
- The Board may determine additional conditions and procedures for interface providers.
- Compliance with Consumer Protection Laws:
- The interface provider must comply with the Law on the Protection of Consumers and related sub-regulations for all fees, costs, commissions, and benefits.
These key provisions and requirements ensure that the interface provider operates within the regulatory framework and maintains the necessary standards for security, transparency, and customer protection.
