Regulation on Remote Identification Methods to be Used by Banks and Establishment of Contractual Relations in Electronic Media ("Regulation"), prepared by the Banking Regulatory and Supervisory Agency, is published in the Official Gazette dated April 1, 2021. The Regulation will enter into force on May 1, 2021 and expand the context of branchless digital banking services.
i. Remote Identification
General Principles of the Process
The remote identification process will be carried out by and between the bank personnel ("Customer Representative") and the real person or real person merchant customer to be identified remotely, through online video conferences and communications with each other, without the necessity of physical presence of the parties.
Remote identification will be considered a critical process by the banks and be designed and operated in a way that does not allow the initiation, approval, and completion of the process solely by information technology or the Customer Representative.
Furthermore, during the remote identification process, only biometric data from the sensitive personal data of the customer disclosed to the bank for the purpose of remote identification shall be processed, provided that the explicit consent of the customer is recorded electronically.
Video Call Stage
The remote identification will only be possible upon completion of a risk assessment procedure.
The video call stage of the remote identification will be carried out in real-time and uninterruptedly and with end-to-end encrypted communication.
Other than the verification of the information on identity card, banks shall use methods that enable them to detect the client's physical presence, and take necessary measures to avoid potential risks relating to deep-fake technology during the video call.
Remote identification process will be finalized by informing the customer about the banking services to be provided and obtaining verbal confirmation on his/her will in respect of becoming the bank's customer.
Responsibility for remote identification
It is the bank's responsibility to ensure that solutions used for remote identification are designed in a way to minimize the risk of misidentification of the client.
ii. Establishment of Contractual Relations in Electronic Media
Following remote identification in accordance with the Regulation, customers, whose internet banking or mobile banking distribution channels are open for use, can electronically convey their declaration of intent to establish a contractual relationship for the transactions intended to be carried out via internet or mobile banking distribution channels without customers' wet signatures.
In order to do so, the contract to be established electronically must not be subject to an official form or special procedural requirement; all terms and conditions of the electronic agreements must be delivered to the customer through internet or mobile banking distribution channels in a way that the customer would be able to read them properly; the customer's declaration of intent for the establishment of the electronic agreement together with the agreement itself must be conveyed to the bank with secret encryption exclusively designed for the customer; and it must be ensured that the content of the contract is identical to what the customer has signed electronically.
Originally published 22 April 2021
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
