Turkey has introduced significant updates to its Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) framework, bringing FATF-aligned Travel Rule regulations to its cryptocurrency market. The Financial Crimes Investigation Board (MASAK), under the Ministry of Treasury and Finance, announced these changes to strengthen transparency and ensure secure cryptocurrency transactions.

Is cryptocurrency legal in Turkey?

Yes, cryptocurrency is legal in Turkey. Residents can buy, sell, and own digital assets, provided these activities adhere to the country’s AML/CTF regulations. Although it can be legally traded, you shouldn’t use it to buy your morning coffee — using crypto for payments has been prohibited since 2021.

Who regulates cryptocurrency in Turkey?

In Turkey, the regulation of cryptocurrency involves two primary authorities: the Capital Markets Board (CMB) and the Financial Crimes Investigation Board (MASAK). Each plays a distinct role in overseeing and regulating the crypto market.

Capital Markets Board (CMB)

• Regulatory Oversight: The CMB is responsible for establishing and enforcing regulations related to capital markets, including those governing crypto assets. In July 2024, Turkey introduced its first comprehensive legislation governing crypto assets, which authorized the CMB to regulate crypto assets that accord rights specific to capital markets instruments and the sale and distribution of crypto assets created using distributed ledger technology.
• Licensing and Supervision: The CMB requires crypto asset service providers, such as exchanges, to obtain licenses to operate legally within Turkey. This licensing process ensures that these entities adhere to specific standards aimed at protecting investors and maintaining market integrity. By August 2024, the CMB had received 47 license applications from crypto firms, indicating a robust interest in formalizing crypto operations within the country. At the time of writing this, this count is much higher and will continue to grow.

Financial Crimes Investigation Board (MASAK)

• AML/CTF Enforcement: MASAK is the primary agency responsible for combating money laundering and the financing of terrorism. It oversees compliance with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regulations within the financial sector, including the crypto industry. In May 2021, MASAK expanded its regulatory scope to include crypto asset service providers, making them obliged parties under AML/CTF laws.
• Transaction Monitoring and Reporting: MASAK mandates that crypto asset service providers implement Know Your Customer (KYC) procedures, monitor transactions for suspicious activity, and report any such activities. In December 2024, MASAK introduced new regulations requiring user identification for crypto transactions exceeding 15,000 Turkish liras (approximately $425) to enhance scrutiny and security in the crypto sector.

Collaboration Between CMB and MASAK
While the CMB focuses on the structural and operational aspects of crypto markets, ensuring that service providers operate within a legal and secure framework, MASAK concentrates on preventing illicit activities by enforcing AML and CTF measures. The collaboration between these two bodies aims to create a comprehensive regulatory environment that promotes innovation in the crypto space while safeguarding against financial crimes.

The CMB and MASAK serve complementary roles in Turkey’s cryptocurrency regulation landscape, with the CMB overseeing market operations and licensing, and MASAK enforcing financial crime prevention measures (and Travel Rule).

What types of entities are regulated in Turkey?

Turkey has expanded the definition of regulated entities to include certain financial transactions and service providers, including e-commerce platforms and large-scale intermediary service providers.

Are there licensing or registration requirements for VASPs in Turkey?

Yes, Virtual Asset Service Providers (VASPs) in Turkey are required to register with MASAK and comply with its AML and CTF framework. The registration process includes demonstrating robust governance structures, implementing transaction monitoring systems, and adhering to data collection and verification standards for crypto transactions. These requirements aim to ensure transparency and reduce the risk of financial crimes in the virtual asset sector.

Are there any AML crypto regulations in Turkey?

Yes, Turkey has implemented comprehensive Anti-Money Laundering (AML) regulations specifically targeting cryptocurrency transactions. These measures are designed to prevent illicit activities such as money laundering and terrorism financing within the crypto sector. Virtual Asset Service Providers (VASPs) must comply with requirements for transaction monitoring, sender verification, and risk management.

Is the Crypto Travel Rule mandated in Turkey?

Yes, Turkey’s Travel Rule regulations mandate VASPs to collect and transmit identifying information for originators and beneficiaries of crypto transactions. These changes align with FATF Recommendation 16 and are part of MASAK’s broader strategy to combat financial crimes.

Is the Crypto Travel Rule applicable when transacting with non-Turkish entities?

For transactions with foreign crypto asset service providers or financial institutions not obligated by their local regulations to share sender and recipient information, Turkish CASPs must:

• Obtain a declaration from their customers containing at least one piece of identifying information, such as name, address, date and place of birth, customer number, citizenship number, passport number, or tax identification number.
• If the foreign provider utilizes a secure messaging system, as specified in the regulations, the required information can be transmitted through that system.

These measures are part of Turkey’s efforts to align with global anti-money laundering (AML) standards and enhance the transparency of crypto transactions, regardless of whether they involve Turkish or non-Turkish entities.

When did the Crypto Travel Rule go into effect in Turkey?

Some provisions are already in effect, while others, such as additional AML requirements, will be enforced starting February 25, 2025.

Does Turkey permit exceptions or a grace period to comply with the Crypto Travel Rule?

Turkey provides a phased approach to implementing its Crypto Travel Rule requirements, with some provisions in effect as of the date of publication, Dec 24, 2024, while other provisions come into effect on February 25, 2025. VASPs are encouraged to begin preparations now to ensure compliance by the final implementation date.

The Presidency can determine exemptions and notification standards based on risk assessments.

What is the minimum threshold for the Crypto Travel Rule in Turkey?

While the Crypto Travel Rule in Turkey applies to all transfers, the key difference lies in the verification requirement, with sender details needing verification in both cases but no verification required for recipient details in the case of transfers below 15,000 TL.

Transfers ≥15,000 TL must include:

• Sender’s name or entity name
• Wallet address or a transaction reference number.
• At least one identifier (e.g., address, date of birth, customer number, citizenship number, or passport number)
• Verification of sender details is mandatory; recipient details do not require verification

Transfers <15,000 TL must include:

• Sender’s name or entity name
• Wallet address or a transaction reference number.
• At least one identifier (e.g., address, date of birth, customer number, citizenship number, or passport number)
• Verification of sender details is mandatory; recipient details do not require verification

What personally identifiable information is required to be shared for the Crypto Travel Rule in Turkey?

Transfers ≥15,000 TL: VASPs must include the following information in the transfer message:

Sender Information:

1. Full name or entity name.
2. Wallet address or transaction reference number.
3. At least one identifier, such as:
   1. Address
   2. Citizenship number
   3. Passport number
   4. Customer number
   5. Date of birth

Recipient Information:

1. Full name or entity name.
2. Wallet address or transaction reference number (verification is not required).

Transfers <15,000 TL: The same details above are required, but verification is not mandatory. These requirements align with FATF standards to ensure traceability in crypto transactions.

How does Turkey handle missing information for crypto transfers?

VASPs must request missing details from the originating service provider. Transfers with unresolved deficiencies will be returned, and repeated non-compliance could lead to the rejection of future transactions or termination of business relationships.

What responsibility do intermediary VASPs have in Turkey?

Intermediary VASPs must ensure sender details are included in the transfer message throughout the transaction chain, paying special attention to secure transmission at every stage.

What are the non-custodial or self-hosted wallet requirements in Turkey?

For crypto asset transfers sent to or received from unregistered wallet addresses, crypto asset service providers must obtain a declaration from their customers (who are parties to the transfer). The declaration should include at least one of the following: name and surname for individuals, legal entity name for businesses, or identifying information such as an address, date and place of birth, customer number, citizenship number, passport number, or tax identification number.

Why Choose Notabene for Crypto Travel Rule Compliance in Turkey?

Notabene has worked closely with MASAK to shape these regulations and supports VASPs in navigating this complex compliance landscape. Our platform simplifies:

• Secure data sharing between VASPs and intermediaries.
• Real-time risk assessments and counterparty verification.
• Compliance management for high-risk and cross-border transactions.

With Notabene, Turkish VASPs can ensure seamless compliance with MASAK’s Travel Rule framework while maintaining operational efficiency.