The Regulation on Remote Identification Methods to be Used by Banks and the Establishment of a Contractual Relationship in Electronic Environment (the “Regulation”) was published in the Official Gazette dated 01.04.2021 and numbered 31441. The regulation has been issued in order to regulate the procedures and principles for remote identification methods that can be used by banks to acquire new customers and for banking services that will be offered after customer identification, whether at a distance or not, to replace the written form via an information or electronic communication device, or to establish a contractual relationship at a distance.
The main regulations introduced by the regulation are as follows:
- The nature of the identity documents that can be used for remote identification is determined in accordance with the Regulation.
- Adequate security measures will be taken by taking into account all possible technological, operational and similar risks in the identification process, and the remote identification process is reviewed at least twice a year. In cases such as the detection or occurrence of security breaches, amendments to the relevant legislation, the bank’s awareness of possible fraud or actions that may constitute fraud, and the emergence of weaknesses related to the remote identification method used, the process is reviewed and necessary updates are made.
- It is the responsibility of the bank to ensure that the solutions used for remote identification are used in a way that minimizes the risk of misidentification of the person.
- The conditions to be sought in order to establish a contractual relationship that will replace the written form via an information or communication device for the transactions that customers want to perform are determined in accordance with the Regulation.
This Regulation provided the opportunity for banks to acquire customers remotely via the “video call” method. However, we would also like to say that this method is limited only to real people. As a result, it was not possible for banks to perform remote identification to legal entities (for example, through signature authorities) and to have them sign a customer contract in a digital environment from the point of view of legislation. Undoubtedly, since this situation could lead to significant problems for digital banks and their corporate customers, there was a need to make an arrangement for remote identification of legal entities.
June May 1, 2023, the Regulation on the Remote Identification Methods to be Used by Banks and the Amendment to the Regulation on the Establishment of a Contractual Relationship in Electronic Environment (“Regulation Amendment“), effective on June 1, 2023, Banking Regulation and Supervision Agency (“BRSA“) published in the Official Gazette No. 32201 on May 25, 2023.
What Did the Regulation Change Bring?
With the recent Regulation Amendment, the scope of the concept of “person” has been expanded to include authorized real person or real persons representing a legal entity. According to the Turkish Commercial Code, the first entities that come to mind when referring to legal entities are commercial companies such as partnerships, limited partnerships, joint-stock companies, limited liability companies, and cooperatives, which are recognized as legal entities by the Regulation. Therefore, it is worth noting that non-commercial entities such as associations, foundations, and trade unions cannot become bank customers using remote identification methods. As of today, these types of legal entities cannot participate in the remote identification and digital signing of customer contracts processes under the Regulation.
Within the scope of the Regulation Amendment, the verification of the authority of the company’s representatives to represent the legal entity will be carried out by matching the information received from the person with the up-to-date information received from MERSIS, the online system of trade registers, and /or the Trade Registry Gazette. Representatives of companies registered in the register will be able to verify information such as the company’s title, registration number online over the Internet without the need for a physical document and a wet signature. Identification of the legal entity will be carried out by verifying the tax identification number via the database of the Revenue Administration with the trade name, trade registry number, subject of activity and address information via the MERSIS and Registry Gazette. In this way, the Amendment of the Regulation will allow the legal entity signature authorities to perform the relevant transactions through remote identification.
During the identification process of the legal entity; banks are under the obligation to take the necessary measures to reveal the real beneficiary of the legal entity. The concept of the real beneficiary of a legal entity means a natural person or persons who perform transactions on behalf of a legal entity or who have ultimate control or ultimate influence over a legal entity. It is of great importance to determine the identities of the real beneficiaries, especially in the regulations aimed at laundering the proceeds of crime and preventing the financing of terrorism. In this way, it is aimed to provide transparency in the financial system by determining who is behind the legal entities.
In order to facilitate the participation of persons with disabilities in the banking system and in the controls to be provided for remote identification, it has been stated that it is necessary to evaluate the situation of persons with disabilities by taking into account. With this, it is stated that the individual can get support from a third party, but for this support, the identity of the third party must be checked by the customer representative. With this regulation in the regulation, the access of disabled people to banking services is improved.
The regulation, on the date of its first entry into force, required that the interview regarding remote identification should only be conducted by a customer representative who is a bank employee and has received special training in this regard. However, the Regulation Amendment paved the way for the support of artificial intelligence applications for the controls to be carried out by the bank employee and the digital completion of the process without human intervention, and gave the authority to determine the procedures and principles related to this issue to the Banking Regulatory and Supervisory Board (“Board”). This means that the security criteria of the system have improved even more.
This important arrangement made within the framework of digitalization steps is a significant step expected for digital banks and seems to ensure that the needs of remote identification of legal entities are now better met. With the entry into force of the regulation amendment, it is expected that the use of wet signatures and physical documents in the provision of banking services will decrease, as a result of which the cost of services will be reduced, transactions will be performed faster, reliably and practically, and time savings will be provided. Of course, like every digital innovation, it should not be forgotten that the advantages of this innovation will be achieved by applying safe, systematic and sustainable principles.
Gülben Aksandık, Attorney at Law