New development
On 25 December 2024, significant legislative amendments were published in the Official Gazette, introducing major changes to the laws on preventing the laundering of proceeds of crime and the financing of terrorism. These amendments impact crypto asset service providers in several key regulations: the Regulation on Measures regarding the Prevention of Laundering Proceeds of Crime and Financing of Terrorism (“Measures Regulation“), the Regulation on the Program of Compliance with Obligations of Anti-Money Laundering and Combating the Financing of Terrorism (“Compliance Program Regulation“) and the Regulation on the Procedures and Principles Regarding the Electronic Notification System of the Financial Crimes Investigation Board.
Significant changes to the Measures Regulation
- Crypto service asset providers classified as financial institutions
With the amendments, crypto asset service providers will now be classified as financial institutions under MASAK. This reclassification results in changes to their obligations under MASAK regulations. Specifically, crypto asset service providers will now be subject to new various obligations that they were not subject to before, such as taking necessary measures to monitor transactions conducted outside the continuous business relationship with a risk-based approach, implementing enhanced identification methods against technological risks and fulfilling the obligations set out in MASAK Communiqué No. 21, which regulates the relationship with politically exposed persons (PEPs) and imposes additional requirements within this scope.
- Reducing the monetary limits concerning the “know your customer” obligation
Another significant amendment for crypto asset service providers pertains to the monetary thresholds for the “know your customer” obligation. Under the new regulations, crypto asset service providers must identify their customers and those acting in the name or on behalf of their customers by obtaining and verifying identification information when the transaction amount, or the total amount of multiple interconnected transactions, reaches or exceeds TRY 15,000. These monetary limits also apply to electronic transactions. Previously, the monetary threshold was TRY 185,000 for all obliged parties, but it has now been reduced to TRY 15,000 for crypto asset service providers to ensure that more customers are subject to identification.
- Specific regulations on crypto asset transfers
Article 24/A, titled “Crypto Asset Transfers,” has been added to the Measures Regulation. This article specifies the mandatory information and verification obligations for sender and receiver details in crypto asset transfer messages mediated by crypto asset service providers. Accordingly, if the required identification information in a transfer message is incomplete, the crypto asset transfer must be returned. Additionally, if messages consistently contain incomplete information and this is not rectified upon request, the receiving crypto asset service provider should consider rejecting transfers from the sending provider, limiting transactions or terminating the business relationship.
Pursuant to the same article, for transfers to or from unregistered wallet addresses, crypto asset service providers must request specific identification information from the natural person customer involved in the transfer, and relevant details for legal entity customers. Similar information is also required for transfers made to service providers located abroad that are not obligated to share information. Within the framework of the risk-based approach, if sufficient information cannot be obtained about the parties to the transfer, the transfer should not be completed, the transactions should be limited or the business relationship should be terminated.
Please see the table below for the effective dates of the above-mentioned amendments.
Significant changes to the Compliance Program Regulation
With the amendments, crypto asset service providers are now required to establish comprehensive compliance programs. These programs should cover various aspects, including risk management, monitoring and control activities, training provision, internal audits, the appointment of a compliance officer and the establishment of a compliance unit. Additionally, the programs must include enhanced controls and measures to address the risks of breaches, non-implementation and avoidance of asset freezing decisions. The compliance policy mandates continuous monitoring of customers and transactions, considering asset freezing orders and potential match criteria. Furthermore, the information of senders and recipients in electronic transfer and crypto asset transfer messages must be taken into account within this scope.
When establishing a business relationship with customers and conducting other transactions that require identification, crypto asset service providers should gather comprehensive information about the source of the assets involved and the customer’s funds. They should also understand the purpose of the transaction, increase the number and frequency of applied controls, and maintain strict supervision over the business relationship by identifying transaction types that require additional scrutiny. Furthermore, appropriate measures should be implemented to limit the amount and number of transactions to mitigate risks effectively.
Under the new amendments, new methods and conditions have been introduced for the authorization of compliance officer. Moreover, crypto asset service providers are mandated to appoint a compliance officer and a deputy compliance officer within one month. Following these appointments, they must establish their compliance programs within the same timeframe (i.e., one month). Additionally, they are required to submit the commitment forms related to the corporate policies defined within the compliance program to MASAK by the specified deadline.
Significant changes to the Regulation on the Procedures and Principles Regarding the Electronic Notification System of the Financial Crimes Investigation Board
It has been mandated that notifications from MASAK, under Law No. 5549 on the Prevention of Laundering Proceeds of Crime and Law No. 6415 on the Prevention of the Financing of Terrorism, must be made electronically to crypto asset service providers. Consequently, crypto asset service providers are required to apply to MASAK to request the opening of an electronic notification account. This application must be completed within one month.
Conclusion
MASAK has comprehensively revised the obligations of crypto asset service providers under the anti-money laundering legislation. In accordance with these amendments, it is imperative that the necessary steps be taken promptly. Noncompliance with these obligations may result in significant repercussions for crypto asset service providers, including severe administrative penalties. Therefore, it is crucial for all obligated parties to closely monitor the relevant details and developments to prevent any potential future violations.
