ARTICLE
10 April 2026

Liability Regime For Boards Of Directors Of Payment And Electronic Money Institutions

Sadik & Çapan

Contributor

Sadik & Çapan logo
Sadık & Çapan is an independent and a boutique law firm based in Istanbul, Turkey. With its experienced team, Sadık & Çapan provides legal advisory services to local and foreign corporations and banks, public companies, investment funds, brokerage firms, asset management companies, venture capital companies, individuals and start-ups, in the fields of banking and finance, securities and capital markets, corporate, commercial and employment laws. Our firm is highly qualified and skilled in advising public companies in their daily operations particularly about their regulatory filings, corporate governance activities, reporting and disclosure requirements and various securities offerings including IPOs, cross-border and domestic debt and equity offerings (DCM and ECM deals) involving Reg S/144A issuances, Sukuk transactions and also, highly specialized in different types of loan and security transactions, alternative financing models and financial and regulatory compliance matters.
Explore Firm Details
The corporate governance of payment and electronic money institutions (the “Institutions”) and the legal and criminal liability of the board of directors and its members, as the main governing body of such structure, are of great importance.
Turkey Corporate/Commercial Law
Serra Sadik Hiziroglu and Ethem Dogan
Your Author LinkedIn Connections

The corporate governance of payment and electronic money institutions (the “Institutions”) and the legal and criminal liability of the board of directors and its members, as the main governing body of such structure, are of great importance. Pursuant to the Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions (the “Law”), the board members of the Institutions incorporated as joint stock companies are not only subject to the general liability regime set out under the Turkish Commercial Code No. 6102 (the “TCC”). In addition, board members of the Institutions are also subject to significant obligations under the Law, the Regulation on Payment Services, Electronic Money Issuance and Payment Service Providers (the “Regulation”), the Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services (the “Communiqué”) and the legislation of the Financial Crimes Investigation Board (Mali Suçları Araştırma Kurulu in Turkish) (the “MASAK”) (the “MASAK Legislation”).

The liability regime of the board of directors of the Institutions and its members under the Law, the Regulation, the Communiqué and the MASAK Legislation is summarised below.

1. Formation and Structure of the Board of Directors

Under the Regulation, the board of directors of the Institutions should consist of at least three members. In this respect, board members are required to satisfy certain conditions set out under the Banking Law No. 5411. These conditions include, among others, that the members should not be subject to financial insolvency situations such as bankruptcy or concordat and should not have been convicted of certain offences such as embezzlement, bribery, fraud, forgery, money laundering and tax evasion. In addition, the general manager is a natural member of the board of directors, which should consist of at least three members. In addition to the foregoing conditions, the general manager, who holds the title of natural member of the board of directors, should have at least seven years of professional experience in business administration or finance and should hold an undergraduate degree.

2. Responsibilities of the Board of Directors

The board of directors and its members have significant duties and obligations in relation to the oversight of the Institutions’ organisational, operational and technological structure.

Within this framework, the board of directors and its members are responsible for:

  • the determination of the Institutions’ organisational structure, human resources policy and the duties, authorities and responsibilities of the personnel;
  • the establishment of the internal control and risk management system, the determination of the policies and implementation principles in this field, the conduct of the relevant activities under the supervision of the board of directors and the regular reporting thereof to the board of directors;
  • the establishment of policies and processes related to information systems management, the clear determination of duties and responsibilities, the operation of such structure in compliance with the Communiqué, the taking of measures for the reliability, continuity and security of the information systems and the submission of the required reports to the Central Bank of the Republic of Türkiye (the “CBRT”);
  • the preparation and monitoring of incident and cyber incident management plans;
  • the fulfilment of the board declaration and other approval processes stipulated under the Communiqué;
  • the establishment of structures for the evaluation of customer complaints and the prevention of fraud and malicious use and the taking of necessary measures in this regard;
  • the determination of procedures, principles and workflows relating to the safeguarding of funds and the secure and orderly operation of fund and information flows;
  • the establishment of risk and oversight principles in relation to representative activities;
  • the structuring of outsourcing relationships in a manner that does not result in the delegation of the senior management’s powers and responsibilities, and in particular, ensuring of necessary oversight and risk monitoring in respect of outsourcing relating to information systems and
  • the fulfilment of the other acts and transactions assigned to the board of directors pursuant to the Law, the Regulation, the Communiqué and the other applicable legislation.

3. Sanctions Under the Law

The board of directors may be held liable through administrative fines and criminal sanctions under the Law.

3.1. Administrative Fines

If the Institutions act in breach of the obligations set out under the Law, the secondary legislation issued on the basis thereof and the decisions taken thereunder and if no specific criminal sanction is separately stipulated for the relevant breach, they are subject to an administrative fine. Although the administrative fines imposed on the Institutions are not directly imposed on the board members, if such fines cannot be collected from the Institutions, the personal liability of the board members may arise under the Law No. 6183 on the Procedure for Collection of Public Receivables (the “Law No. 6183”).

3.2. Criminal Sanctions

Apart from administrative fines, board members of the Institutions are subject to imprisonment and judicial fines if they commit certain acts in breach of the legislation. In this respect, imprisonment and judicial fines shall be imposed on board members who commit the following acts:

  • obstructing the CBRT’s audit and supervision activities and/or failing to submit the requested information and documents;
  • making false statements in documents submitted or disclosed to the competent authorities, supervisory authorities or courts;
  • acting in breach of the obligations relating to document retention and information security, failing to take the necessary measures for the protection of personal security information relating to a payment instrument or failing to ensure the secure delivery of such information and instruments to the user;
  • disclosing secrets relating to the Institutions or their customers to unauthorised persons;
  • keeping transactions off the books or recording them in a manner contrary to their true nature and
  • committing acts that may constitute the offence of embezzlement.

4. Responsibilities of the Board of Directors under the MASAK Legislation

The Law No. 5549 on the Prevention of Laundering Proceeds of Crime, the Regulation on Program of Compliance with Obligations of Anti-Money Laundering and Combating the Financing of Terrorism (the “Compliance Program Regulation”), the Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism and the communiqués published by MASAK constitute the framework of the Institutions’ obligations under the MASAK Legislation. For the Institutions that are deemed “obliged parties” under the MASAK Legislation, the board of directors’ oversight and decision-making function is of additional importance.

Within this framework, the board of directors and its members are responsible for:

  • the establishment and implementation of the compliance program in a manner appropriate to the Institutions’ activities and risk structure under the Compliance Program Regulation;
  • the appointment of the compliance officer and deputy compliance officer under the Compliance Program Regulation, the determination of their duties, authorities and responsibilities, and the ensuring of the fulfilment of the notification processes stipulated under the MASAK Legislation;
  • the establishment of the compliance unit and the allocation of sufficient personnel and resources to such unit;
  • the preparation and approval of the institutional policy and annual training plans pursuant to the Compliance Program Regulation;
  • the establishment and oversight of risk management, monitoring, control and know-your-customer (KYC) mechanisms that will ensure the implementation of the obligations under the MASAK Legislation;
  • the evaluation of the results of risk management, monitoring and control, and internal audit carried out within the scope of the compliance program, and the taking of necessary measures in this regard;
  • the determination of actions to remedy the errors, deficiencies and abuses identified as a result of internal audit activities and
  • the fulfilment of the other duties and obligations assigned to the board of directors under the MASAK Legislation.

 

5. Sanctions under the MASAK Legislation

The board of directors may be held liable through administrative fines and criminal sanctions under the MASAK Legislation.

5.1. Administrative Fines

If a breach is identified with respect to obligations relating to the compliance program, internal audit, risk management and compliance officers, MASAK first applies a warning and time period mechanism for remedying the relevant deficiency. If the breach is not remedied within the granted periods, administrative fines stipulated under the relevant legislation and updated in line with the revaluation rate may be imposed and, if the breach continues, more severe administrative measures may also be imposed.

In this respect, an administrative fine may also be imposed separately on the board member responsible for the act that is in breach of the MASAK Legislation. On the other hand, if the administrative fines imposed on the Institutions cannot be collected from the Institutions, the personal liability of the board members may arise under the Law No. 6183.

5.2. Criminal Sanctions

Apart from administrative fines, board members of the Institutions may also be subject to imprisonment and judicial fines if they commit certain acts in breach of the applicable legislation. In this respect, imprisonment and judicial fines may be imposed on board members who commit the following acts:

  • breaching the confidentiality of suspicious transaction reports;
  • failing to provide the information and documents requested by the competent authorities and
  • acting in breach of the retention and submission obligation.

Conclusion

The board of directors of the Institutions and its members are subject not only to the general liability regime arising from the TCC, but also to a comprehensive liability regime arising from sector-specific regulations. When the Law, the Regulation, the Communiqué and the MASAK Legislation are assessed together, the role of the board of directors is not limited to decision-making only; it also includes an active and continuous oversight responsibility in terms of internal control, risk management, information systems, compliance processes and the management of sanction risks. Therefore, the establishment of a strong governance and compliance structure at board level is of critical importance for the Institutions in order to mitigate legal and criminal risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Serra Sadik Hiziroglu
Serra Sadik Hiziroglu
Photo of Ethem Dogan
Ethem Dogan
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More