Founder
November 30, 2025
25 min read
The blockchain and crypto asset ecosystem in Türkiye is undergoing a fundamental paradigm shift revolving around the Law No. 5549 on Prevention of Laundering Proceeds of Crime and the Capital Markets Law No. 6362. Going beyond merely being a software company or technology provider, the rules of the game have been rewritten with a seriousness equivalent to banking standards for Crypto Asset Service Providers (KVHS), which now bear a fully-fledged Financial Institution Status.
In this new era, compliance is not a cost item; it is a vital "constitutional ground" for the continuity of the license and operational sustainability. As Genesis Hukuk, we do not just interpret legal texts; we construct how your technical architecture (API integrations, wallet structures, data flows) will communicate with these regulations. This guide has been prepared to transform legislation into a technical roadmap for you, ranging from establishing a MASAK Compliance Program to operational risk management.
The most critical step of the regulatory framework in the crypto asset sector is the definition of actors and the clarification of their status. With the recent regulations, KVHSs have been moved to the highest level in the hierarchy of obligations.
Pursuant to the Capital Markets Law No. 6362 and relevant regulations, the definition of Crypto Asset Service Provider (KVHS) covers not only exchanges mediating trading transactions (Platforms) but also institutions providing crypto asset custody services and those conducting the initial sale or distribution of these assets.
The most critical legal transformation here is the explicit definition of KVHSs as a "Financial Institution" within the scope of MASAK legislation (Regulation on Measures, Art. 4). This change in status removes KVHSs from being simple "obliged parties" and subjects them to aggravated responsibilities in the same class as banks, payment institutions, and capital market intermediary institutions. Therefore, the operational processes of a KVHS must be constructed with the rigor of an audited bank rather than a fintech startup.
The most concrete and comprehensive obligation brought by the "Financial Institution" status is the obligation to establish a MASAK Compliance Program. Pursuant to Article 4 of the Regulation on Compliance; like banks and capital market institutions, Crypto Asset Service Providers are also obliged to create a compliance program with a risk-based approach.
This program is not a policy document that remains on paper; it is a living organism containing the institution's risk management, monitoring, control, and training activities. The ultimate responsibility for the program lies with the Board of Directors, and activities carried out within the scope of the program must be executed under the surveillance and supervision of the Board of Directors. If your compliance program does not work integrated with your technical infrastructure (e.g., your transaction monitoring software), it is not deemed legally "effective."
As a natural consequence of the financial institution status, it is mandatory for KVHSs to create a comprehensive compliance program with a risk-based approach. Pursuant to Articles 4 and 5 of the Regulation on Compliance, this program must contain at least the following components:
Institutional Policy and Procedures: Policies written and approved by the board of directors, considering the business size and transaction volume.
Risk Management: Definition and grading of customer, service, and country risks.
Monitoring and Control: Continuous tracking of transactions and detection of high-risk situations.
Training and Internal Audit: Regular training of personnel and independent audit of the system.
If the KVHS is within a "Financial Group" (a group of companies dependent on a parent company), compliance processes can be managed from a single center. According to the MASAK Guide; institutions affiliated with a financial group can share information regarding customer due diligence (KYC), accounts, and transactions within the group. In intra-group information sharing, sharing cannot be avoided by asserting confidentiality provisions (customer secrecy, etc.) in special laws. This regulation paves the legal ground for group companies to use a common "Blacklist" or "Risk Database."
Be the first to be informed about our new articles, opinions and case studies in the field of Blockchain.
One of the most critical administrative conditions introduced for KVHSs is the obligation to appoint an "Exclusively Assigned Compliance Officer" for the execution of the compliance program. This position is a status authorized at the administrative level, independent of other departments, directly reporting to the Board of Directors or the General Manager, and separated from non-executive units.
The legislation seeks high standards for persons to be appointed to this duty. The conditions that the person to be appointed as Compliance Officer must meet are as follows:
Being a Turkish citizen and not being deprived of public rights,
Having received at least a 4-year undergraduate education in Türkiye or equivalent institutions abroad,
Having at least 5 years of professional experience in financial institutions or MASAK/audit units,
Not having been convicted of crimes such as embezzlement, fraud, smuggling, or financing of terrorism.
Furthermore, the appointment of the compliance officer as "Exclusive" means that this person cannot take part in revenue-generating activities such as sales, marketing, or operations, and must focus solely and exclusively on compliance processes. By legal regulations, it is the responsibility of the board of directors to establish a Compliance Unit working under the compliance officer and responsible for the execution of the program, and to allocate sufficient resources to this unit. It is a legal obligation for this officer to have the authority to act with independent will in Suspicious Transaction Report (STR) processes.
Regulatory Compliance & LicensingServicesJuly 11, 2025👤Genesis Hukuk
The biggest technical barrier in the crypto asset ecosystem's transition from a culture of "anonymity" to "traceability" standards is undoubtedly the implementation of the Travel Rule. This rule aims to ensure transparency and traceability by eliminating the anonymity of Distributed Ledger Technology (DLT) based transfers. As Genesis Hukuk, we interpret this rule not merely as a legal text, but as the fundamental architecture of inter-exchange communication protocols (API).
FATF Recommendation 16 and its counterpart in Turkish law, MASAK Regulation on Measures Art. 24/A, mandate that information "travels with" the asset in crypto asset transfers. To express it in technical terms; while the transaction (tx) is taking place on the blockchain, the identity data set belonging to the sender and receiver must also be transmitted to the counterparty through a secure channel within the Crypto Asset Transfer Message.
The data fields that must be present in the content of this transfer message are:
Sender Information: Name-surname, trade name, wallet address (or reference number if unavailable), and distinctive information required for identification (T.C. identity number, passport number, address, etc.).
Receiver Information: Name-surname and wallet address.
The legislation envisages the use of technological tools such as Distributed Ledger Technology (DLT) or independent messaging platforms (API interfaces) for the transfer of this data. Therefore, it is essential that your system architecture has the capability to create this data packet at the moment of the transfer order and transmit it encrypted.
The fundamental parameter determining the "decision tree" in operational processes is the 15,000 TL Identity Verification Limit. Your software algorithms must take the following actions based on these limits:
Transfers of 15,000 TL and Above: It is mandatory that Sender and Receiver Information belonging to the sender is included in the message AND that the accuracy of this information is verified.
Transfers Below 15,000 TL: Including sender and receiver information in the message is sufficient; verification of information is not mandatory at this stage.
Technical Procedures for Missing Information:
The KVHS on the receiving side of the transfer must implement strict procedures if the incoming Crypto Asset Transfer Message contains missing or inconsistent mandatory information. This is the most critical application point of technical compliance:
Completion Obligation: The receiving KVHS must primarily contact the sending KVHS to ensure that missing or erroneous information is completed immediately.
Return/Reject Mechanism: In cases where information cannot be completed, it is mandatory for the receiving KVHS to legally activate the mechanism to reject this transfer and return the funds to the sending KVHS via software.
However, be warned; if a counterparty (VASP) sending consistently missing information is detected, your risk management policies must engage, and stricter measures such as rejecting transfers from that provider or terminating the business relationship must be applied.
This creates a high-risk signal for the receiver and, pursuant to the Regulation on Measures, may lead to the limitation of transactions with this institution or the complete termination of the business relationship. This necessitates the development of a 'Blacklist' or 'Restriction List' module for platforms.
Due to the nature of decentralized finance (DeFi), your customers may wish to withdraw their assets to self-custody wallets under their own control instead of an exchange. The legislation evaluates transfers made to these Unhosted Wallet addresses, which are not registered with any KVHS, under a special risk category.
In this scenario, since there is no institution on the other side to share data with, the obligation is fulfilled through a declaration to be obtained from the customer. Your system must offer an interface to obtain the following declarations from the customer when a transfer order to an unhosted wallet is entered:
Name-surname if the wallet owner is a natural person,
Title if it is a legal entity,
At least one piece of distinctive information serving to identify the relevant person (TCKN, Passport No, etc.).
For KVHSs, it is mandatory to take additional and tightened measures within the framework of a risk-based approach for transfers to or from Unhosted Wallets. In terms of technical compliance, your platform requires:
Address Declaration and Classification: Constructing an interface (UI/UX) that mandates the user to declare that the individual wallet address they will transfer to or receive from belongs to them, and including this wallet in risk scoring.
Source of Funds Declaration: In high-value transfers (especially those exceeding the 15,000 TL threshold), it is essential to request additional declarations and documents (proof of transfer if received from another KVHS, etc.) in written or electronic media regarding the source of the Crypto Asset Transfer Message subject to the fund.
Risk Matrix Integration: An algorithm (Risk-Based Approach) must be created that continuously monitors the relationship between the customer's risk profile (low, medium, high) and the target of the transfer (licensed KVHS, Unhosted Wallet, risky geography) and binds the transfer to senior officer approval in case of anomaly.
These transactions should be examined within the framework of a risk-based approach rather than automatic approval, and the option not to execute the transfer if sufficient information about the counterparty cannot be obtained must be included in the algorithm.
In summary, transfers to Unhosted Wallets, although not banned, force the KVHS to the highest sensitivity regarding transaction monitoring and control obligations, and require a procedure for the transfer to be automatically suspended or rejected (hard-stop) in case of insufficient information.
The Travel Rule introduces complex data and architectural requirements. Our GRC Advisory services can help you integrate robust governance, risk, and compliance frameworks for your crypto operations.
Unlike traditional finance, customer acquisition (onboarding) for Crypto Asset Service Providers (KVHS) is conducted almost entirely via digital channels. However, this process is no longer a simple "uploading a selfie" operation; it is a high-security technological procedure framed by MASAK General Communiqué Row No. 19 and the Judicial Packages on the agenda.
As Genesis Hukuk, we transform legal texts into technical requirements that your software developers will understand when designing your KYC (Know Your Customer) processes.
While the legislation allows KVHSs to establish continuous business relationships with their customers without coming face-to-face, it stipulates that the process must be online, uninterrupted, video-based, and real-time. This means that asynchronous methods (such as sending a pre-recorded video) are against the legislation; your system must be built upon a live session architecture.
As an important restriction; platforms mediating the trading or custody of Privacy Coins are prohibited from performing Remote Identity Verification. Exchanges listing these assets cannot benefit from the ease of digital onboarding.
The standards your software infrastructure must meet are not limited to MASAK communiqués but are further tightened by new law articles proposed with the 11th Judicial Package.
A critical change is envisaged in Article 12 of Law No. 6493 with Article 36 of the Law Proposal submitted to the TBMM. Accordingly; the use of "biometric methods" or "identity documents capable of electronic identity verification (chipped/NFC)" in verifying the customer's identity while establishing a contract in the digital environment is becoming a legal obligation.
Although this regulation technically targets Payment and Electronic Money Institutions, it also creates a "de facto" standard for KVHSs with Financial Institution status. As Genesis Hukuk, our recommendation is to configure your systems now based on this standard, focused on "NFC and Biometrics" instead of "optical reading (OCR)."
The use of Near Field Communication (NFC) technology is essential in verifying the identity document. Data on the chipped ID card (photo, etc.) must be verified cryptographically.
Exception Management: If the device or ID does not have the NFC feature/it does not work; it is mandatory to visually verify at least four security features (hologram, guilloche pattern, etc.) on the identity document in terms of form and content.
The customer's live image must be matched with the photo on the ID (preferably the photo in the chip). The False Acceptance Rate of the artificial intelligence algorithm used must be below one in ten million. Additionally, Liveness Check mechanisms against "deepfake" and fake face attacks must be integrated into the system.
Pursuant to Article 33 of the same Law Proposal, the audit of foreign nationals and fake lines (open lines) is being tightened. Therefore, confirming that the phone number used in the onboarding process is registered to the ID holder (Telco-Check) has become a critical risk parameter. This regulation offers a technical infrastructure to minimize the "mule account" risk in crypto exchanges:
Update Obligation for Foreign Nationals: If foreign nationals do not update their current subscription information within 6 months or have their identities verified, the signal (electronic communication connection) of their lines will be cut.
Line Limitation: A limit is being imposed by the BTK on the maximum number of lines a person (real or legal) can obtain. Closing over-limit lines will make it difficult for fraudsters to open exchange accounts with "disposable" lines.
Device/Line Matching: A limit is being imposed on the number of lines that can be used on the same device (IMEI) within a certain period. This is a technical barrier against "SIM Box" fraud.
If the identity document could not be verified via NFC during the remote identity verification process; it is mandatory that the first financial movement (deposit) before establishing a continuous business relationship be made from an account held in the customer's own name at another financial institution (bank).
Legally, the error margin (False Acceptance Rate) of the Artificial Intelligence (AI) algorithm ensuring the match between the person's face and the photo on the ID in remote identity verification must be below one in ten million (1/10,000,000). If the software used is domestic, obtaining a Turkish Standards Institution (TSE) Report documenting this error rate is mandatory. If the algorithm is of foreign origin and has an internationally valid certificate (NIST, etc.), a separate TSE report is not sought.
For KVHSs, risk management is a dynamic process that goes beyond standard procedures. The "Financial Institution" status mandates the implementation of Enhanced Due Diligence in suspicious situations or high-risk transactions.
Obliged parties must request additional information/documents from the customer and inquire about the source of funds in cases they evaluate as high risk within the framework of a risk-based approach (e.g., relationships with risky countries, complex and unusually large transactions).
Especially in relationships that KVHSs will establish with each other or with high-risk customers (e.g., foreign Politically Exposed Persons - PEP), the establishment or continuation of the business relationship must be tied to Senior Management Approval. These accounts cannot be opened without the approval of the board of directors or the authorized senior executive.
According to the "National Risk Assessment on Money Laundering and Financing of Terrorism" report published by MASAK; Crypto Asset Service Providers (KVHS) are one of the two sectors classified at the "High Risk" level, alongside the Banking sector.
This classification requires KVHSs to be ready to implement not only standard measures but also Enhanced Due Diligence as a "default" procedure. Since the risk level of the sector is "High" in the eyes of the state, your chance of applying "Simplified Measures" (e.g., not performing identity verification in low-limit transactions) in any audit is legally impossible, except for the exceptions explicitly allowed in Communiqué No. 5.
To minimize risks specific to the crypto sector, MASAK legislation (Communiqué No. 29) has drawn very clear operational boundaries:
Privacy Coins: Mediating the buying, selling, or custody of assets whose transfer trails cannot be traced, such as Monero (XMR) and Zcash (ZEC), is strictly prohibited.
Cool-off Period: To prevent fraud risk; it is mandatory to wait at least 48 hours from the asset purchase or deposit transaction for crypto asset transfers (withdrawal transactions). This period is applied as at least 72 hours for the customer's first crypto asset withdrawal transaction. Your software must automatically apply this "time-lock" rule. This rule serves as a "braking mechanism" to prevent rapid fund transfers for money laundering purposes.
Transaction Limits: A limit of 3,000 USD daily and 50,000 USD monthly applies to withdrawal transactions of stable crypto assets (stablecoins) (these limits can be doubled if sender/receiver information is verified within the scope of the Travel Rule).
PEP (Politically Exposed Person) Status: Establishing business relationships with politically exposed persons (or their relatives).
Risky Geographies: High-volume transfers from jurisdictions designated as risky or non-cooperative countries by the FATF.
The ultimate output of the compliance program is reporting the detected risks to MASAK as a Suspicious Transaction Report (STR). The compliance officer is obliged to make this notification electronically via MASAK's Electronic Notification System (EBAS), regardless of the amount, within the legally prescribed periods, after obtaining any information or forming a suspicion that it is linked to illegal purposes (laundering or terrorist financing).
Notification must be made within 10 business days at the latest from the date the suspicion arises (immediately if there is a risk in delay).
Notifications must be classified using special codes defined for the crypto sector (e.g., SK-29 Unlicensed payment/electronic money service, SK-35 Violation of asset freezing decision, SK-36 Financing of proliferation of weapons of mass destruction).
KVHS systems must be designed to automatically detect Red Flag scenarios, send an instant alert to the compliance unit, prepare the notification file, and make it ready for EBAS integration automatically or semi-automatically after obtaining Senior Management Approval. Successful compliance is measured by the full conformity of this technical automation with legal procedures.
Genesis Hukuk is your strategic partner in the integration of these technical parameters into your system and the legal calibration of your suspicious transaction algorithms (scenario tuning).
Zero-Knowledge (ZK) Technology for FinanceServicesAugust 10, 2025👤Genesis Hukuk
In the crypto ecosystem, "compliance" is not just completing a checklist; it is creating a shield against elements threatening the security of the international financial system. Especially when global risks such as terrorist financing and the proliferation of weapons of mass destruction are concerned, there is zero margin for error for KVHSs. As Genesis Hukuk, we propose a zero-tolerance architecture regarding the screening of sanction lists and the technical integration of asset freezing processes.
The freezing of crypto assets in Türkiye is carried out within the framework of two fundamental laws: Law No. 6415 on the Prevention of the Financing of Terrorism and Law No. 7262 on the Prevention of the Financing of the Proliferation of Weapons of Mass Destruction.
Pursuant to these laws, Freezing of Assets is the removal of the power of disposition to prevent the destruction, consumption, conversion (swap), transfer, and assignment of the asset. The concept of "Asset" directly covers crypto assets (funds, rights, receivables, and digital values representing them).
The process is published in the Official Gazette with a Presidential Decree in line with UN Security Council Resolutions or foreign state requests. The critical point is this: These decisions must be implemented without delay the moment they are published. KVHS systems must be capable of scanning lists published by the Official Gazette or MASAK instantaneously (via API or RSS feeds) and automatically locking matching wallets.
The 11th Judicial Package (Law Proposal Article 22) on the agenda introduces the authority and obligation for KVHSs to take initiative without waiting for a court order via Article 128/A added to the Criminal Procedure Code (CMK). This regulation positions KVHSs as a "first response unit" specifically in the fight against fraud and cybercrimes.
Operational Mechanism (48-Hour Rule): According to the law proposal; in case of reasonable suspicion that crimes of Qualified Theft, Qualified Fraud, and Abuse of Bank/Credit Cards have been committed; KVHSs will be able to suspend the account related to the suspicious transaction ex officio (by their own decision) for up to 48 hours.
Notification Obligation: The moment the suspension process is applied, the situation must be immediately reported to the Chief Public Prosecutor's Office along with account movements and relevant documents.
Legal Protection (Safe Harbor): As Genesis Hukuk, the detail we attach the most importance to is this: The law proposal explicitly rules that KVHSs taking action under this article will not be held legally or criminally responsible (Immunity) for the suspension process they apply. This is a critical assurance for exchanges to take quick action without fear of compensation lawsuits.
Asset Transfer Warning: If it is detected that the asset is transferred to another institution (another exchange or wallet) before the suspension process is completed, it is mandatory for the KVHS to inform that institution without delay. This situation increases the importance of inter-exchange "Blacklist API" integrations.
The law proposal paves the way not only for a temporary suspension but also for the rapid seizure of proceeds of crime. Within the 48-hour suspension period;
In cases where there is a risk in delay, the Public Prosecutor may issue a written order for the seizure of the crypto asset in the suspended account.
The seizure decision given by the Prosecutor is submitted to the judge's approval within 24 hours, and the judge announces their decision within 48 hours at the latest.
This is one of the most critical innovations. If it is understood that the seized crypto asset belongs to the victim, the asset is returned to the victim during the investigation phase, without waiting for the case to conclude (which could take years).
As Genesis Hukuk, we specifically underline this article. The biggest reservation of KVHSs was the fear of "I stopped the transaction because it was suspicious, but what if the customer sues me?".
According to paragraph 6 of Article 128/A of the law proposal; banks or crypto asset service providers deciding on suspension (upon suspicion) pursuant to this article cannot be held responsible legally and criminally due to these actions.
When exchanges freeze an account with reasonable suspicion, even if innocence is understood later, the customer will not be able to file a compensation lawsuit against the exchange saying "I couldn't trade, I lost money." This is the most strategic article strengthening the hand of compliance teams.
Especially within the scope of Law No. 7262, providing funds or financial services to persons or entities specified in UN Security Council (BMGK) resolutions (especially North Korea and Iran connected) is strictly prohibited.
Prohibited Transactions and Activities in this context include:
Providing funds (crypto assets) directly or indirectly to persons/entities on the prohibited list,
These persons opening representative offices or entering into business partnerships in Türkiye.
Performing any Prohibited Transactions and Activities not specified in the license and authorization documents by KVHSs (e.g., offering leveraged transactions, promising interest income) is subject to heavy sanctions before both the SPK and MASAK.
Opening anonymous or pseudonymous accounts in Türkiye or transacting with such accounts is strictly prohibited and contrary to the Financial Institution Status.
KVHSs are obliged to check whether the parties to the transaction are on these prohibited lists before executing a transaction. The Audit and Cooperation Commission is the highest administrative authority authorized to audit the implementation of these prohibitions and to propose additions/removals to BMGK lists.
Sanctions to be applied in case of non-compliance entail heavy consequences binding not only the company but also managers and personnel.
Persons who do not fulfill, neglect, or delay asset freezing decisions are sentenced to imprisonment from 6 months to 2 years or a judicial fine.
Those who provide funds or financial services to persons whose assets are frozen are sentenced to imprisonment from 1 year to 3 years or a judicial fine.
Those who engage in prohibited transactions and activities (e.g., financing of proliferation of weapons of mass destruction) are punished with imprisonment from 2 years to 8 years.
If these acts are committed within the framework of the activity of a legal entity (KVHS), an administrative fine from 10,000 TL to 2,000,000 TL is also imposed on the legal entity.
Data Sharing and Judicial Fines (New Regulation)
Another critical sanction introduced with the 11th Judicial Package concerns judicial cooperation processes. It is mandatory to send information/documents requested by the Prosecutor's Office or Court within the scope of an investigation or prosecution within 10 days (in physical or electronic media).
An administrative fine between 50,000 TL and 300,000 TL may be directly applied by the Public Prosecutor to KVHSs that do not provide information or provide incomplete information within this period. This regulation mandates KVHSs to automate their "Law Enforcement Request" response systems.
MASAK audit officers (Tax Inspectors, Treasury and Finance Experts, etc.) have the authority to audit on-site or remotely whether KVHSs act in accordance with freezing decisions.
These new regulations show that KVHSs possess an active 'policing' authority in the fight against crime, rather than being just passive 'custody institutions'. Your software infrastructure offering a '48-Hour Suspend' button to the operator when it detects a suspicious transaction and this action automatically creating the Prosecutor notification template is the technical compliance standard of the new era.
KVHSs must retain documents, books, and records in all types of media for a period of 8 years. However, as Genesis Hukuk, we warn you; the start date of this period varies according to the document type:
Identity Verification Documents: It starts from the date the account is closed, not from the date of the last transaction.
Books and Records: It starts from the date of the last entry.
Transaction Documents: It starts from the date the transaction was made (issued).
Suspicious Transaction Records: Notifications made to MASAK and (internal) suspicious transactions decided not to be notified are also subject to this retention period.
Being a Crypto Asset Service Provider (KVHS) in Türkiye is no longer a period of rapid and unsupervised growth, but a stage where the institutional seriousness brought by the Financial Institution Status is tested. The Turkish crypto asset market has left the "gray area" period behind and has become an integrated part of the state's financial intelligence network. MASAK compliance for Crypto Asset Service Providers is not only a legal obligation; it is a prerequisite for access to global liquidity, banking integration, and the continuity of the license. Law No. 5549 and relevant communiqués have positioned compliance not just as paperwork, but as a complex engineering problem necessitating technological integration.
From initial design to ongoing operations, Genesis Hukuk provides comprehensive legal guidance. Ensure your smart contracts, architectures, and compliance programs meet Turkish and international standards.
Compliance is not a cost item; it is an operational "survival" license.
As Genesis Hukuk, we do not just write your contracts and legal texts. Our expertise lies in taking legal requirements (e.g., the Crypto Asset Transfer Message requirement of the Travel Rule) and transforming them into technical specifications that your engineering team can directly use.
Technical Validation: We audit the compliance of your Travel Rule messaging protocols and API architecture with the legislation.
Operational Setup: We pass your 48/72-hour cool-off periods, NFC-based KYC flows, and suspicious transaction algorithms (red flag indicators) through legal filters.
Crisis Management: We stand by you with our technical and legal team in the instant implementation of asset freezing decisions and MASAK audit processes.
RegTech Integration: Ensuring the full compliance of your Identity Verification with NFC and Biometric Comparison processes in Customer Onboarding with MASAK Communiqué No. 19.
Risk Algorithm Development: Performing the legal validation of your software modules that automatically trigger Enhanced Measures, tracking funds from Unhosted Wallets, and risk scoring of Privacy Coins.
Contact Genesis Hukuk's blockchain experts today for global scalability, sustainable growth, and full technical/legal compliance with Turkish regulations. Let's build the future together on secure foundations.
In this section, you can find 8 fundamental questions and answers regarding critical regulations such as the legal status of KVHSs, SPK/MASAK audit powers, minimum capital, leverage ban, customer asset protection, and transfer limits.
In Türkiye, crypto asset service providers have been placed under the regulation and supervision authority of the Capital Markets Board (SPK). Additionally, there is the supervision of the Financial Crimes Investigation Board (MASAK) within the scope of prevention of money laundering and financing of terrorism (AML/CFT).
According to the new regulations, crypto currency exchanges to operate in Türkiye will need to be established with a minimum capital of 150 million TL. For institutions that will offer crypto asset custody services, the capital requirement has been determined as 500 million TL. Platforms must be in the structure of a joint-stock company.
No, according to the new regulations, crypto assets traded on exchange platforms cannot be used for leveraged transactions. This decision aims to prevent investors from taking excessively risky positions.
New regulations have increased the protection of customer assets. Cash and crypto assets belonging to customers will be kept separate from the assets of crypto asset service providers and cannot be seized, pledged, or included in the bankruptcy estate due to the provider's debts. Furthermore, crypto currency exchanges are obliged to keep at least 95% of customer assets in licensed custody institutions.
Yes, pursuant to the Financial Crimes Investigation Board General Communiqué, platforms shall perform crypto asset withdrawal transactions they mediate at least 48 hours after the purchase, swap, or deposit transaction. This period has been determined as at least 72 hours regarding the first crypto asset withdrawal transactions.
Activities directed at persons resident in Türkiye by platforms based abroad will be evaluated as unauthorized crypto asset service provision. It is mandatory for such platforms to terminate their activities directed at persons resident in Türkiye (such as opening a Turkish website, conducting marketing).
With the Law No. 7518 regulation, crypto assets are defined as "intangible assets that can be created and stored virtually using distributed ledger technology or a similar technology, distributed over digital networks, and can express value or rights." According to the 2021 TCMB Regulation, crypto assets are not fiat money, recorded money, electronic money, or securities.
Yes, specifically in withdrawal transactions of assets whose value is pegged to another value or official currency and known as "stable crypto currency," a limit of 3,000 USD daily and 50,000 USD monthly is applied. For professional transactions such as liquidity provision or market making, these limits and time rules may not be applied with board of directors approval.
⚠️ Important Note: The subjects of "Suspension Ex Officio" and "Legal Immunity" discussed in this section have been evaluated within the scope of the Draft Law of the 11th Judicial Package currently on the agenda of the Turkish Grand National Assembly (TBMM). Changes may occur in the text during the legislative process. Genesis Hukuk will keep this guide up-to-date by closely monitoring the process.
