Turkey Enacts Its First Crypto Regulations: Here’s How Businesses Can Adapt [Updated July 2021]

We go over compliance with everything from the crypto payments ban to the latest AML/CFT obligations.

Polina Rebeka

Content manager

In 2020, Turkey had the world’s 4th highest cryptocurrency use rate due to its plummeting national currency and alarming inflation. Additionally, cryptocurrencies were largely unregulated in the country at the time.

Source: Statista

However, in April 2021, Turkey’s biggest crypto exchanges collapsed and their founders were accused of fraud. In the aftermath, Turkish regulators issued two documents aimed at bringing order to the crypto market.

The first document is the Regulation on the Disuse of Crypto Assets in Payments, which came into force on April 30th, 2021. The second is the Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism, amended by a May 1st Presidential Decree.

What’s changed

Under the new regulations, cryptocurrency is now legally defined as an asset in Turkey and is prohibited from use as a payment method. This means that Turkey joins India, Nigeria, Algeria, and Qatar in a list of countries that fully or partially ban cryptocurrency.

In addition, crypto firms in Turkey now have to comply with AML/CFT obligations in accordance with Law № 5549 and international FATF recommendations.

1. Decentralised services may fall under AML/CFT regulations

Who is affected: Turkish merchants operating both online and offline.

Before: Cryptocurrency use was not restricted, as it didn’t fall under any regulations. Therefore, Turkish citizens could use it to pay for goods and services.

After: Goods and services can no longer be paid for with cryptocurrency. However, cryptocurrency trading is not prohibited, so users may continue to buy and sell cryptocurrencies as an investment instrument. Accordingly, crypto trading and exchange platforms can continue to operate.

How businesses can comply: Cryptocurrency should be removed as a payment option for clients.

2. Ban on intermediating between crypto firms and users

Who is affected: Crypto firms and payment/e-money services (e.g. PayU, iPara, PaymentWall).

Before: Crypto firms could partner with payment/e-money services to enable transactions on their platforms .

After: It is now illegal to buy, sell, or transfer cryptocurrencies through payment/e-money services on crypto platforms.

How businesses can comply: Users making transactions on crypto platforms should be limited to cash or bank transfers.

3. AML obligations expanded to crypto firms

Who is affected: Turkish crypto firms (crypto trading and crypto exchange platforms, crypto wallets etc.).

Before: Turkish crypto firms did not fall under any AML/CFT regulations.

After: Under the amended Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism, crypto businesses are now obliged to enact the same AML/CFT policies as other financial institutions in Turkey. Turkish crypto firms are now supervised by the Financial Crimes Investigation Board (MASAK), Turkey’s AML regulator.

How businesses can comply: Multiple AML/KYC measures, such as customer identification, managing customer documents, and reporting to the regulator, should be implemented.

AML/KYC measures to implement

AML obligations of crypto firms in Turkey now include customer identification, reporting suspicious transactions, providing information and documents, retention and submission of documents, and periodical reporting.

Сustomer identification. Customers should be identified before a permanent business relationship is established. Identification is also necessary for suspicious transactions and cumulative transaction amounts of over ₺75,000 (app. €7,300). The identification procedure should cover:

name and surname;
place and date of birth;
nationality, identity documents type and number;
profession;
phone and email;
signature sample;
parents’ names and T.R. identification number (for Turkish citizens).

Turkish citizens should be verified through their ID card, driving license, passport, or other identity documents with a T.R. identification number. Foreigners should be verified through their passport or a residence document.

With Sumsub’s KYC solution, customer verification is fast, secure, and people-friendly.

Reporting suspicious transactions. From now on, crypto firms should report to MASAK if they detect suspicious transactions on their platform. Transactions are deemed suspicious if there is reason to suspect illegal funds or terrorist financing are present. However, it is worth mentioning that reporting a suspicious transaction is not the same as reporting a crime; it is rather a cause for further examination.

MASAK suggests that crypto firms determine what constitutes a “suspicious” transaction themselves, based on the expertise of their legal teams. The factors that matter are the customer’s behavior during the transaction and whether their financial profile is compatible with the transaction amount.

The MASAK guide proposes a list of possible “suspicious” cases. Including when users divide up transactions usually made in bulk—or when they can’t explain the purpose of a transaction and their source of funds.

Suspicious transactions should be reported to MASAK regardless of the transaction amount. A legal specialist employed by the crypto firm should complete a Suspicious Transaction Reporting Form within ten working days of the incident. This can be submitted as a hard copy, by email, or through the EMIS.ONLINE system. The information within the suspicious transaction report cannot be disclosed to anyone except MASAK examiners and the courts.

Providing information and documents. MASAK is authorised to audit crypto businesses as part of its AML supervision program. In these cases, the crypto firm being audited must provide any information requested by the regulator, including documents, records, and passwords for accessing records.

Retention and submission of documents. Crypto firms should keep customer and AML-related data for eight years. These include documents, transaction records and customer identification information. MASAK or other authorized examiners may request retained documents during their supervision programs.

Periodical reporting. Crypto firms should report any transactions exceeding ₺75,000 (app. €7,300) to MASAK within ten days of the transaction date. This threshold corresponds with requirements for other financial institutions. However, in the near future, there may be special rules specifically for the crypto market. As pre-announced by Turkey’s Minister of Treasury and Finance, the crypto transaction limit subject to periodical reporting is expected to be ₺10,000 (app. €989). We’ll continue to update this article, so stay tuned.

Deadline for compliance

Regulation on the Disuse of Crypto Assets in Payments came into force on April 30th, 2021. Amendments to the Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism came into force on May 1st, 2021.

Sanctions

For disclosing information on suspicious transactions to unauthorized third parties, a judicial fine (a monetary substitute for imprisonment) can be imposed on the crypto firm, and beneficial owners may be imprisoned for 1-3 years. The same penalties may apply to those failing to provide requested documents and information, as well as those failing to retain and submit documents.

Crypto firms that fail to identify customers, file periodic reports, and flag suspicious transactions may be subject to administrative fines ranging from ₺30,000 to ₺4,000,000 (app. from €3,000 to €400,000).

Here’s a list of administrative fines based on violation type:Staying compliant with Turkey’s latest crypto regulations is super easy with Sumsub’s complete AML/KYC solution.