Banking as a Service (BaaS) is the business model in which a licensed bank exposes its regulated infrastructure — account creation, payment processing, card issuance, lending capabilities, deposit-taking, FX, regulatory compliance — to non-bank companies via APIs and white-label arrangements. The non-bank “front-end” company builds customer-facing products (digital wallets, neobank apps, embedded finance in e-commerce platforms, B2B treasury tools) without itself obtaining a banking license, while the BaaS-provider bank performs the regulated activities and retains regulatory accountability.
The BaaS architecture has enabled major innovations in financial services: neobanks (Chime, Cash App, Revolut, N26) launching consumer-facing products without the multi-year process of obtaining a bank charter; embedded finance (Shopify Capital lending, Lyft driver banking, Uber Pro Card) integrating financial services into non-financial platforms; B2B fintechs (Brex, Mercury, Ramp for U.S.; Qonto, Spendesk for EU; Papara, Param for Türkiye) building business-banking on top of licensed-bank infrastructure; and specialized B2B treasury and FX platforms (Modulr, ClearBank, Currencycloud).
The Turkish BaaS landscape has developed since the mid-2010s with multiple operating models: (i) partnership BaaS — Turkish banks (especially Fibabanka, ING Bank, Şekerbank, Burgan Bank, Albaraka) partnering with fintechs to provide banking infrastructure; (ii) Payment Institution (Ödeme Kuruluşu) or E-Money Institution models — fintechs obtaining their own BDDK licenses for narrower payment/e-money activities without full bank charter; (iii) digital-bank licenses — BDDK’s 2022 digital-only bank framework enabling new bank-charter entrants (issued to first applicants including Enpara, OnDigital, others in pipeline); and (iv) hybrid models combining different licensing layers.
Legal and regulatory considerations in BaaS architecture include: regulatory accountability allocation between bank and fintech partner (BDDK holds the bank responsible for regulated activities regardless of who operates the customer-facing service); contractual arrangements defining responsibilities, SLAs, fee-sharing, intellectual-property allocation, exit mechanics; customer-relationship ownership and data-portability rights; compliance-program coordination across AML/KYC, KVKK privacy, consumer protection, complaint handling; and incident-response protocols for operational disruptions, security breaches, or regulatory inquiries affecting either party.
For Turkish fintechs evaluating BaaS partnerships or considering own-license strategy, the key strategic decisions include: license-acquisition timeline and capital requirements (Payment Institution: TRY 1M minimum capital; E-Money Institution: TRY 5M; full bank: TRY 2.5B for digital banks); operational scope achievable under different licensing tiers; regulatory-supervision intensity across license types; and strategic positioning within the broader Turkish fintech ecosystem. Vircon Legal advises Turkish fintechs and partner banks on BaaS structuring — partnership-agreement negotiation, license-tier analysis, compliance-program architecture, regulatory-accountability allocation, and the coordination of BaaS strategy with broader product, partnership, and capital-raising plans.