Turkiye: Implemented Communiqué on the Management and Supervision of the IT Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in Payment Services Area

On 1 December 2021, the Turkish Central Bank published and implemented a communiqué on the management of information systems and data sharing by payment providers. According to the communiqué, financial institutions (specifically, the board of directors) are responsible for ensuring the security of information systems. Institutions must implement an information security system as well as data protection measures, including safeguards for sensitive customer data and information mechanisms for data breaches. In addition, the sharing of sensitive customer data can only occur with user consent.