Regulation on remote identification methods to be used by banks and establishment of contractual relations in electronic environment

With Article 6 of the Law No. 7247, the second paragraph of Article 76 of the Banking Law has been amended, making it possible for banks to acquire customers remotely and through digital methods.

Subsequently, with the Regulation on Remote Identification Methods to be Used by Banks and the Establishment of Contract Relationships in Electronic Environment [ "Regulation" ] published in the Official Gazette dated 01.04.2021, procedures and principles regarding the remote identification methods that can be used by banks in gaining new customers and the establishment of a contractual relationship by replacing the written form via information or electronic communication devices have been regulated.

General Principles to Be Followed Before Starting the Remote Identification Process

According to Article 4 of the Regulation, remote identification is made by online video call, without the need for the customer representative and the person to be physically in the same environment. Adequate security measures should be taken, considering the possible risks associated with the interview method. The processes and systems to be used for remote identification are considered as critical information systems.

Customer Representative for Remote Identification

The remote identification process is carried out by expert customer representatives, in places where necessary precautions are taken to prevent possible security weaknesses or abuses.

General Principles to Be Followed After the Initiation of Identification Process

According to Article 6 of the Regulation, only biometric data can be used for remote identification. Biometric data refers to the physical [fingerprint, face, etc.] or behavioral [voice, signature, etc.] characteristics of the person.

Identification and Usable Documents During the Process

In the process of remote identification, an identity document with security elements, photograph and signature that can be visually distinguished under white light will be used in accordance with Article 7 of the Regulation.

Verification of Person to be Identified

In the 8^th article, methods for determining the vitality of the person during the remote identity verification process are regulated. Accordingly, during identification, the customer representative makes sure that the photograph and personal information on the identity document match the person. For the identity to be verified, the customer representative should consider that the information on the identity document, the information provided by the person during the interview and the stated intention during the identification process are real, convincing, and sufficient.

Termination of the Video Call Process

In Article 9 of the Regulation, it is stipulated that the video call phase of remote identification will be terminated in cases where visual verification and/or verbal communication with the person is not possible due to poor light conditions, low image quality and similar situations.

Responsibility for Data Recording and Remote Identification

In Article 10 of the Regulation, it is stipulated that the entire remote identification process will be recorded and stored in a way that includes all steps of the process and ensures that it is auditable. Article 11 is about responsibility. It is the bank's responsibility to ensure that the solutions used for remote identification are used in a way that minimizes the risk of misidentification.

Establishing a Contractual Relationship Following Identification

After remote identification, the customer's declaration of intent must be obtained through internet banking or mobile banking distribution channels. To establish a contractual relationship that can replace the written form, all the terms of the relevant contract should be transmitted to the customer through internet banking or mobile banking distribution channels in a way that the customer can read, the customer's declaration of will for the establishment of the contract should be received and the contract should be signed with the customer-specific encrypted secret key specified in the legislation.

Date of Effect and Execution

The Regulation will come into force on 01.05.2021 and its provisions will be executed by the Chairman of the Banking Regulation and Supervision Agency.