The Bankacılık Düzenleme ve Denetleme Kurumu (BDDK) — Banking Regulation and Supervision Authority of Türkiye — is the principal financial-services regulator for banking, payment services, and most fintech activities in Türkiye. Established under the Banking Law (No. 5411) in 2000, BDDK’s mandate covers prudential regulation, licensing, ongoing supervision, and enforcement across the Turkish banking and payment-services ecosystem. For Turkish founders building any business that handles customer funds, processes payments, holds deposits, or extends regulated credit, BDDK is typically the most consequential regulatory counterpart.
BDDK’s licensing perimeter spans several categories: (i) Banks — full-service deposit institutions and specialized banks (development, investment, participation); minimum capital TRY 2.5B for new entrants under digital-bank framework, substantially higher for traditional bank charters; (ii) Payment Institutions (Ödeme Kuruluşu) — fintechs providing payment services without holding customer funds long-term; minimum capital TRY 1M; (iii) E-Money Institutions (Elektronik Para Kuruluşu) — issuers of stored-value e-money; minimum capital TRY 5M; (iv) Asset Management Companies — entities acquiring and resolving non-performing loans; and (v) Financial Leasing, Factoring, and Financing Companies — non-bank credit providers in specific sub-categories.
Major BDDK regulatory frameworks include: Law No. 5411 (Banking Law) — foundational framework for banking-sector regulation; Law No. 6493 (Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions Law) — covering payment institutions, e-money institutions, and payment-system infrastructure; Digital Banking Regulation (2022) — establishing the digital-bank licensing framework that has enabled new digital-first bank entrants; Open Banking Regulation (2021) — implementing PSD2-paralleled API mandates; and dozens of communiques and circulars covering operational risk, IT systems, AML coordination with MASAK, customer protection, and capital adequacy.
BDDK supervisory practice spans several mechanisms: (i) licensing and authorization — multi-month application processes with detailed regulatory review of business plans, capital, IT infrastructure, governance, key personnel; (ii) ongoing reporting — frequent operational, financial, and risk reporting through standardized formats; (iii) on-site inspections — regular and event-triggered inspections by BDDK supervisors; (iv) thematic supervision — focused reviews of specific risk areas (cybersecurity, operational resilience, AML, customer protection); and (v) enforcement — administrative penalties (substantial fines, license restrictions/revocation), criminal referrals for serious violations, public censure.
For Turkish fintech founders, BDDK engagement is foundational and intensive: licensing-pathway analysis (which license tier fits the business model, timeline and capital implications), application-package preparation (business plan, governance documentation, operational-risk framework, IT specifications, AML/KYC programs, capital and shareholder documentation), pre-launch operational-readiness validation, ongoing supervisory-relationship management, and enforcement-response coordination when issues arise. Vircon Legal advises Turkish fintech founders and BDDK-regulated institutions on licensing strategy, application preparation, regulatory-compliance program design, supervisory-relationship navigation, enforcement defense, and the strategic coordination of BDDK regulatory positioning with SPK, MASAK, KVKK, and broader Turkish regulatory framework requirements.