Founder
March 30, 2026
15 min read
In short: Obtaining a license as a crypto asset service provider in Turkey is not a matter of merely incorporating a company and filling out an application form. The Turkish market has become a high-threshold regulatory environment where capital adequacy, governance, MASAK compliance, MKK integration, information-systems security, and operational resilience are assessed together.
Our observation at Genesis Hukuk is that many foreign or domestic ventures approach the process at first with only one question: “How much are the fees?” Yet the real question is usually this: “Is our business model, ownership structure, and technical architecture genuinely ready for Turkey’s licensing regime?”
A Crypto Asset Service Provider (CASP) license in Turkey is not a simple incorporation; it passes through a multi-layered structure of capital, governance, technical infrastructure, and ongoing compliance obligations.
The most critical pre-application decision is which products will be offered through the Turkish entity and which functions will be ring-fenced elsewhere within the group.
Total cost is not limited to application fees; behind the publicly visible line items lie MKK, AML, audit, staffing, and operational substance burdens.
The headings that most often cause timeline slippage are typically bank onboarding, foreign document chains, finding a suitable chief executive, and technical integrations.
Regulators now look for architecture, not paper alone; if MASAK compliance, reserve logic, and customer-asset segregation do not work in software, the file will not read as strong.
The purpose of this guide is not to disclose every project detail; it is to help a platform considering entry into Turkey ask the right questions from day one.
A CASP license denotes the baseline threshold for structures that wish to offer regulated crypto asset trading, custody, or related services in Turkey.
The process is two-stage: First, incorporation architecture and fitness are reviewed; then operational readiness and the operating permit are assessed.
Cost is not a single line item: Minimum capital, public fees, company formation, MKK and MASAK compliance, audit, team, infrastructure, and operational substance must be considered together.
Timelines are often read optimistically: A process that looks shorter in theory can stretch in practice due to bank onboarding, foreign documentation chains, executive appointments, and technical integrations.
What determines success is as much architecture as legal technique: Regulation now demands system design at a “compliance by design” level—not mere textual alignment.
Navigate the intricate landscape of blockchain regulations and licensing in Turkey with our specialized legal services, ensuring your operations are fully compliant.
The answer foreign investors often seek—“Why did the rules tighten so sharply?”—can be summed up in one sentence: Turkey’s CASP (KVHS) architecture aligns with the country’s strategy to exit the Financial Action Task Force (FATF) grey list, with anti–money laundering and countering the financing of terrorism (AML/CFT) standards, and with a global vision consistent with the European Union’s Markets in Crypto-Assets (MiCA) framework for crypto markets. The rules are high-threshold; in return, the market has shifted toward a more predictable framework rather than lingering uncertainty.
A CASP license is effectively the entry gate for platforms wishing to operate in the crypto asset space in Turkey. It concerns not only those who want to set up a “crypto exchange” in the classical sense, but every player whose custody model, customer onboarding structure, fiat flows, AML controls, and technical infrastructure can fit within the regulated framework.
The new structure in Turkey evaluates crypto firms less like a generic technology startup and more like a financial institution. Hence the question in an application is not only “What is your product?” From the regulator’s perspective, the lens is shaped more along these axes:
Is your ownership structure transparent?
Is your capital source defensible?
Is your management team fit and proper?
Is your technical infrastructure auditable?
Are customer assets sufficiently segregated from company assets?
Can you discharge MASAK obligations not only on paper but systemically?
Many projects lose time because they clarify—too late—issues that should be settled before the legal application. In our field practice, the first phase is always a “structural reality test.”
Will you build a spot trading platform? Will custody also be provided? How will fiat on-ramp and off-ramp work? What will the technical and operational relationship be between the global group company and the Turkish entity? If the product set to be offered in Turkey is unclear, the licensing strategy cannot be set clearly either.
In foreign-owned or multi-tier holding structures, ultimate beneficial owners, the chain of control, and the source of funds must be explainable. Offshore layers in particular can materially extend timelines from banking and regulatory review standpoints.
One of the clearest publicly stated thresholds in the CASP regime is the minimum paid-in capital requirement. Strategically, however, what matters is not only that this amount exists, but when it will be injected, with which documents, through which banking relationship, and with which narrative on the source of funds.
A platform seeking a licensed structure in Turkey needs not only a strong software team but also a fit chief executive, compliance function, risk management, internal audit, and information security ownership. The regulator does not want names on paper; it wants real substance. For the chief executive role in particular—where the role is expected to be performed exclusively on a full-time basis, the person is resident in Turkey, and carries at least seven years of professional experience in relevant fields—the approach of “we’ll assign a manager from the global team remotely” can create a serious bottleneck in practice.
Skinning the global platform for the Turkish market is often not enough. Data flows, wallet architecture, segregation of customer balances, logging, local integrations, and an audit-ready reporting structure should be planned early.
The model global exchanges naturally consider—“Infrastructure on AWS, wallets on Fireblocks, we’re just the front end”—may be technically possible in Turkey, but it is a legal illusion. Under Communiqué III-35/B.1, the Capital Markets Board permits outsourcing in critical functions such as cloud computing, custody, or cybersecurity; however, it requires that obligations arising from capital markets legislation and investor rights are not transferred in any way. In practice, if a hosting provider or custody technology suffers an outage, data loss, or security incident, the counterparty before the Board is not the third-party software vendor—it is directly the licensed CASP and its board of directors. A strong local board, internal control, and auditable vendor management are therefore not a luxury—they are the minimum structure the regulator expects.
In practice, the CASP licensing journey in Turkey passes through two main regulatory gates.
At this stage the focus is less on live customer operations and more on corporate fitness. Regulatory attention typically concentrates on:
Legal incorporation of the company
Fitness of shareholders and managers
Capital adequacy
Seriousness of the business plan
Quality of internal policy suites
The critical mistake at this phase is the mindset of “we’ll fix operations once we go live.” If the establishment permit file is weak, the process turns into iterative deficiency letters from the very beginning.
Once the establishment logic is accepted, the harder part begins—because the company must now demonstrate that it has built a platform that actually works, is auditable, and is secure.
Typical themes in this phase include:
Information systems and cybersecurity readiness
MKK integration
Operationalization of MASAK compliance
Customer acceptance and monitoring mechanisms
Reserve, custody, and segregation structure
Independent audit and testing processes
In short: the first stage asks “Can you build it?” The second asks “Can you run it safely and sustainably?”
The honest one-line answer: it depends on the project structure, but management teams should plan with at least a one-year minimum horizon to stay realistic.
Thinking through the CASP license timeline by phase helps with calendar and resource planning. A simplified view for decision-makers can be summarized as follows:
Preparation — Main focus: structural design. This phase typically highlights ownership structure, incorporation, banking relationship, business plan, and executive selection.
First permit phase — Main focus: corporate fitness. File submission, responses to deficiencies, and regulatory review are typical content for this period.
Operational build-out — Main focus: technical and compliance construction. MKK, information systems, AML, audits, and tests gain weight in this phase.
Final permit phase — Main focus: readiness to operate. On-site inspection, final assessment, and go-live preparation are handled in this stage.
Practical expectation: Well-prepared files can follow a more controlled calendar. Where ownership is messy, management is appointed late, bank onboarding fails, or MKK/technical integration slips, the timeline extends materially.
One of the most Googled questions is “How much does a crypto license cost in Turkey?” The question is fair—but a one-line answer is often misleading.
That is because CASP license cost is the combination of at least five different layers:
This is the publicly visible and most conspicuous line item. Yet most investors realize too late that the process is not only about a capital threshold.
Capital Markets Board application layers, MKK membership and transaction-based charges, and other official setup items inflate the total picture. Public fees matter—but in many projects they are only the visible face of final cost.
Apostille and notarization chains for foreign documents, trade registry steps, stamp duty effects, rent, and baseline vendor agreements—especially in foreign-capital structures—can drive preparation budgets higher than expected.
MKK integration, AML/transaction monitoring software, information security architecture, data centre or localization requirements, penetration tests, independent audits, and reserve-proof preparation require serious budget. The Turkish market is no longer a market you can enter on legal spend alone.
Chief executive, compliance lead, risk function, internal audit, information security ownership, office, accounting, and ongoing compliance costs continue after the license is granted. So the right question is not “What does the license cost?” but “What is the annual burden of keeping a regulated Turkey operation standing?” Moreover, under Law No. 7518, the transfer to the Capital Markets Board of 1% of gross revenue (excluding interest income) and 1% to TÜBİTAK creates a continuing regulatory cost that many foreign investors omit from their first budget model—and it directly affects profitability.
Reading the cost layers side by side makes it easier to see why no single line item suffices:
Capital — Sets the entry threshold; but alone it does not explain operational readiness.
Public fees — Kick off the official licensing flow; they do not cover technical and human-resource spend.
Setup costs — Stand the structure up; they do not show ongoing operating expense (OPEX).
Technical compliance — Determines the operating permit; alone it does not create legal fitness.
Ongoing operations — Determines license sustainability; if the initial strategy is weak, it runs inefficiently.
Genesis Hukuk note: To read cost correctly, model not only the “fee total” but CAPEX + first-year OPEX + regulatory friction together. In our work with clients, the most critical difference is prioritizing these items against the business model.
What delays processes usually comes from implementation reality, not from a single statutory article.
Opening bank accounts and blocking capital in high-capital, crypto-focused structures often proves harder than expected. If source of funds, group structure, and risk profile are not well explained, the calendar slips from the start.
Overseas corporate documents—apostille, notary, translation, and chain of authority—if not managed correctly, technically delay the application file. In multi-layer ownership structures, this issue must not be underestimated.
It is not easy to find a profile that knows both the sector and the regulation in Turkey and can build trust with the regulator. Projects that do not act early can lose months for this reason.
Many ventures see MKK as merely an “API to plug in later.” Yet KVMKS (Crypto Asset Central Registry System) API integration, data taxonomy, reconciliation flows, and customer-balance logic must be designed from the outset with this in mind.
Reserve logic, logging structure, access controls, wallet segregation, cryptographic compliance items such as migration to TÜBİTAK’s EC 384 algorithm, and security procedures are not topics to be “fixed in the last weeks.” Also remember that reserve-proof audits must be structured as a recurring burden—not annually alone, but on quarterly cycles.
Delve deeper into Turkey's 2025-2026 crypto regulations, including KVHS obligations, Travel Rule, and digital identity verification for a complete understanding.
No. The strategic mistake is often made here.
The product universe global platforms offer may not match the product set that can be offered in a regulated way in Turkey. There are material regulatory differences between spot markets, custody models, fiat bridges, segregation of customer assets, and leveraged products.
Derivatives, margin, and leveraged trading: When offshore-centred exchanges discuss Turkey strategy, one of the first questions is often “Can we offer margin or futures?” Clarity: Under Law No. 7518 and CASP secondary legislation, permitted activities centre on spot crypto asset trading, custody, and related services. Futures, margin trading, and leveraged derivative products cannot be offered within the CASP license scope; even if these products exist in the global app, you cannot “copy-paste” the same product set into the Turkish entity.
Fiat–crypto bridge design: This constraint pushes global players to design Turkey affiliates effectively as a bridge from fiat currency into crypto: the user deposits TRY locally, passes KYC/AML and MKK processes, and after spot purchase transfers assets to the global platform in line with group policies. Revenue feeds from derivatives and margin volume on the global side; the Turkish legal entity carries regulated spot and compliance load. When strategy is read this way, both the product map and the license map clarify.
Therefore a Turkey project should not be treated like a “passport license.” The right approach is to clarify from the outset which function the Turkish company will perform:
Local onboarding and fiat bridge only?
Full trading platform?
Full vertical including custody?
A narrower, more controlled in-group product architecture?
This strategic decision directly changes both budget and licensing difficulty.
Genesis Hukuk’s approach differentiates here. We do not treat crypto regulation as merely a legal interpretation exercise; we also read it as a systems architecture problem.
Because regulatory reality now says:
Writing a compliance policy is not enough—your system must raise alerts.
Explaining wallet segregation is not enough—you must have a technical proof mechanism.
Saying you protect customer assets is not enough—you need auditable reserve and record logic.
Accepting MASAK obligations is not enough—your onboarding, monitoring, and reporting flows must run in software.
In other words, well-prepared CASP projects are built as a union of law + product + infrastructure + internal control.
Structures that cannot answer the following questions clearly before application usually face expensive revisions in later stages:
Which product will we offer in Turkey, and which will we not? (Spot and compliance only—or copy global derivatives/margin products?)
Is our ownership and control structure ready for regulatory scrutiny?
Is our capital and source-of-funds narrative defensible?
Can we actually build fit executives and compliance functions in Turkey?
Have we budgeted the technical workload on MKK, MASAK, and information systems correctly?
Do we see the Turkey operation as a licensing file or as a regulated business unit?
In practice the process does not advance without appropriate corporate structuring in Turkey and a legal entity aligned with the regulatory architecture. Incorporation strategy is an integral part of the application—especially in foreign-capital structures.
No. Capital is one of the required thresholds; but alone it is not sufficient. Without governance structure, technical readiness, internal control, and MKK and MASAK compliance, you cannot reach an operating permit on capital alone.
Well-prepared projects can follow a more controlled calendar. Even so, it is healthier for management teams to plan the process from the outset with a strategic horizon of one year or more.
Yes—but in foreign-owned structures transparency, document chains, source of funds, bank onboarding, and control structure are examined in greater detail. The more complex the design, the more preparation quality becomes critical.
There is no single answer. In practice, the most underestimated headings are often technical compliance, ongoing audit readiness, MKK-related friction, and qualified local team costs.
No. Which products the Turkey operation will offer, and how, must be assessed separately. This should be clarified strategically before application.
Yes. That date is not an “application open or closed” date for new ventures; it relates to compliance and operating-permit timelines for those already operating. For greenfield CASP, the framework under the 13 March 2025 communiqués is in force: Establishment Permit first, then technical and compliance preparation for Operating Permit within the prescribed period (with extensions where needed).
Yes. Holding customer crypto assets with Board-authorized custody institutions and submitting a written custody agreement to the Board is part of the regime. Timelines in the communiqué may be updated as custody infrastructure becomes widely available; current timing and conditions should be taken from Capital Markets Board announcements.
No. The permission framework under the CASP regime centres on spot trading, custody, and related services; margin, futures, and leveraged derivatives cannot be offered under this license. While those products may remain on the global platform under separate structures and jurisdictions, the Turkey affiliate typically focuses on TRY on-ramp and spot conversion bridge functions.
For a company seeking a CASP license in Turkey, the right starting point is not reading statutes line by line—it is mapping the business model against regulation.
The Turkish market still offers a very strong opportunity. But that opportunity belongs no longer only to those who move fast; it belongs to those who can combine strong capital planning, clean governance, sound technical architecture, and a genuine compliance culture.
At Genesis Hukuk, we do not treat this process as “application preparation” alone. Our working model is to build legal architecture together with technical reality and operational feasibility. That is why, in the first phase with clients, we usually focus on three questions:
Which structure in Turkey should actually be licensed?
Which costs are publicly visible, and which are project-specific?
Which bottlenecks should be resolved first to accelerate the process?
If you want a CASP license in Turkey but wish to see a strategic roadmap before committing full budget and full team, your first step should not be generic research—it should be to produce a licensing map tailored to your project.
The next right step is usually this: a project-based preliminary assessment that filters public obligations through your ownership structure, target product set, custody model, and technical architecture.
For a confidential CASP licensing feasibility map tailored to your business model and ownership structure under NDA, contact Genesis Hukuk: info@genesishukuk.com
This guide is prepared for general information only. Every CASP application must be assessed on its own merits with respect to ownership structure, technical architecture, target products, custody model, fund flows, and the level of regulatory expectation. The framework here should not be read as specific legal advice or a guarantee of any particular licensing outcome.
Be the first to be informed about our new articles, opinions and case studies in the field of Blockchain.
