Turkiye: Adopted Regulation on Information Systems and Electronic Banking Services of Banks including data localisation requirement

On 15 March 2020, the Banking Regulation and Supervision Agency adopted the Regulation on Information Systems and Electronic Banking Services of Banks. The regulation establishes comprehensive standards for the management of banks' information systems and electronic services. Primary and secondary systems of banks are required to be stored domestically. Further, the regulation defines governance roles, policies and procedures to ensure secure and effective IS operations, with an emphasis on risk management and compliance. The information security provisions cover data confidentiality, access controls and robust network security, complemented by identity verification and transaction safeguards for electronic banking channels such as Internet and mobile banking. Banks are required to maintain classified inventories of information assets and enforce strict change and configuration management protocols. The Regulation enters into force on 20 June 2020.