Turkiye: Implemented Regulation on Information Systems and Electronic Banking Services of Banks including data localisation requirement

On 20 June 2020, the Regulation on Information Systems and Electronic Banking Services of Banks came into force. The regulation establishes comprehensive standards for the management of banks' information systems and electronic services. Primary and secondary systems of banks are required to be stored domestically. Further, the regulation defines governance roles, policies and procedures to ensure secure and effective IS operations, with an emphasis on risk management and compliance. The information security provisions cover data confidentiality, access controls and robust network security, complemented by identity verification and transaction safeguards for electronic banking channels such as Internet and mobile banking. Banks are required to maintain classified inventories of information assets and enforce strict change and configuration management protocols.