In 2025, the Know Your Customer (KYC) regulations in Turkey stand as a critical pillar for preventing financial crimes such as money laundering and terrorism financing. Businesses, financial institutions, and service providers must navigate an evolving legal framework that mandates comprehensive customer verification and ongoing monitoring.
Akkas & Associates Law Firm, a leading Istanbul-based full-service law firm since 1992, provides expert guidance to help you stay compliant with Turkey’s stringent KYC laws.
Table of Contents
At the heart of Turkey’s anti-money laundering (AML) and counter-terrorist financing (CTF) efforts lies Law No. 5549 on the Prevention of Laundering Proceeds of Crime. This legislation, along with subsequent regulations and communiqués issued by the Financial Crimes Investigation Board (MASAK), defines the obligations for “obliged parties” – a broad category encompassing financial institutions, real estate agents, notaries, and, notably, independent attorneys for certain transactions.
The core principle of KYC is simple: businesses must verify the identity of their customers and understand the nature of their financial activities. This is crucial for detecting and preventing illicit financial flows.
Understanding KYC in Turkey
KYC, or Müşterini Tanı in Turkish, requires entities to authenticate customer identities and assess financial activities to mitigate risks linked to illicit financial practices. This regulatory framework originates from Law No. 5549 on the Prevention of Laundering Proceeds of Crime, under which the Financial Crimes Investigation Board (MASAK) supervises compliance and enforcement.
Organizations engaging in financial transactions must perform identity verification, risk profiling, and due diligence before onboarding clients. This not only safeguards businesses but also enhances confidence in Turkey’s global financial system.
Key Components of Turkey’s KYC Regulations
- Customer Identification Program (CIP): Verifying identity documents like passports or national ID cards.
- Customer Due Diligence (CDD): Analyzing customer risk profiles based on their financial behavior and transaction types.
- Enhanced Due Diligence (EDD): Applied to high-risk customers such as Politically Exposed Persons (PEPs) or transactions involving large amounts.
- Ongoing Monitoring: Continuous surveillance of transactions to detect suspicious activities and updating customer information regularly.
Financial institutions and regulated entities are legally obligated to comply with these components, ensuring full transparency and accountability.
Recent Amendments in 2024-2025
Turkey has refined its AML/KYC regulations, including measures expanding to emerging sectors like cryptocurrencies. Since February 2025, stringent KYC and Anti-Money Laundering (AML) rules require crypto service providers to verify users for any transaction exceeding 15,000 Turkish Lira (approximately $425).
Providers failing to identify clients may face suspension of services or termination of business relationships with non-compliant users. The Capital Markets Board (CMB) and TÜBİTAK oversee these regulations to maintain technological and operational integrity in this fast-growing sector.
Such amendments align Turkey with international standards, notably the EU’s Markets in Crypto-assets (MiCA) regulation, reinforcing the country’s dedication to combating financial crime across all sectors.
Essential Components of KYC in Turkey
Compliance with Turkish KYC regulations involves several key components:
1. Customer Identification and Verification (CIV): This is the initial and most fundamental step. For individuals, this typically involves verifying identity through a national ID card, passport, or residency permit.
For legal entities, it requires obtaining and verifying corporate documents such as trade registry certificates, tax identification numbers, and authorized signatory information. Remote identification methods are permitted under specific conditions, often involving video identification and other secure technologies, regulated by the Banking Regulation and Supervision Agency (BDDK).
2. Customer Due Diligence (CDD): Beyond mere identification, CDD requires obliged parties to gather information about the purpose and nature of the business relationship. This includes understanding the source of funds and assets, estimated transaction volumes, and the customer’s overall financial profile.
The depth of CDD is risk-based; higher-risk clients, such as Politically Exposed Persons (PEPs) or those with complex ownership structures, will necessitate Enhanced Due Diligence (EDD).
3. Enhanced Due Diligence (EDD): For higher-risk scenarios, EDD mandates more rigorous scrutiny. This may involve extensive background checks, a deeper analysis of financial transactions, and continuous monitoring of the business relationship. The goal is to mitigate the elevated risk associated with certain clients or activities.
4. Ongoing Monitoring: KYC is not a one-time event. Obliged parties must continuously monitor customer transactions and activities to ensure they align with the expected behavior and declared purpose of the business relationship. Any deviation or suspicious activity triggers further investigation.
5. Suspicious Transaction Reporting (STR): If any information or activity gives rise to suspicion that assets are illegally obtained or used for illegal purposes, obliged parties are mandated to report these suspicious transactions to MASAK. Timely and accurate reporting is a critical element of Turkey’s AML/CTF framework. Reports involving terrorism financing must be made immediately.
6. Record-Keeping Obligations: Comprehensive records of all KYC procedures, including identification documents, transaction details, and any suspicious activity reports, must be maintained. Turkish law generally requires these records to be kept for a minimum of eight years, allowing authorities access to historical data for investigations.
The Role of MASAK: Turkey’s Financial Intelligence Unit
MASAK (Mali Suçları Araştırma Kurulu), the Financial Crimes Investigation Board, serves as Turkey’s primary financial intelligence unit. Operating under the Ministry of Treasury and Finance, MASAK is responsible for developing, implementing, and enforcing AML/CTF policies and regulations.
It analyzes suspicious transaction reports, conducts investigations, and cooperates with international bodies like the Financial Action Task Force (FATF) to align Turkey’s framework with global best practices.
Recent updates in 2024 and those coming into full effect in 2025 demonstrate Turkey’s ongoing commitment. These include strengthened regulations for Virtual Asset Service Providers (VASPs), with mandatory KYC procedures and real-time transaction reporting for sums exceeding certain thresholds (e.g., ₺75,000 for crypto transactions). For transfers of ₺15,000 or above, more detailed originator and beneficiary information is now required.
Who are “Obliged Parties” in Turkey?
The scope of “obliged parties” under Turkish KYC regulations is broad and continues to expand. It includes:
- Banks and financial service providers
- Payment and electronic money institutions
- Cryptocurrency platforms
- Insurance, reinsurance, and pension companies
- Auditors, external accountants, and tax advisors
- Notaries and other independent legal professionals (for specific transactions like real estate sales, company formation, and managing certain accounts)
- Real estate agents
- Dealers of high-value goods (precious stones, metals, vehicles, etc.)
- Providers of gambling services
For independent attorneys, the obligation to conduct KYC checks extends to specific transactions, such as the purchase and sale of real estate, company incorporation, and the management of certain accounts and assets, provided it does not violate attorney-client privilege in judicial procedures.
Penalties for Non-Compliance
Non-compliance with Turkey’s KYC and AML regulations carries significant penalties. These can range from substantial administrative fines (up to millions of Turkish Liras) to criminal sanctions, including imprisonment for individuals involved in money laundering activities. Institutions found to be in egregious or willful non-compliance may face severe reputational damage and operational restrictions.
Staying abreast of these regulations is not just a matter of legal obligation but also a strategic imperative for businesses seeking to operate securely and transparently in the Turkish market.
FAQs on KYC Regulations in Turkey
Q1: What is KYC in the context of Turkish law? A1: KYC, or “Know Your Customer” (Müşterini Tanı in Turkish), is a regulatory requirement in Turkey that mandates businesses to verify the identity of their clients and understand their financial activities to prevent money laundering, terrorist financing, and other financial crimes.
Q2: Which institutions are subject to KYC regulations in Turkey? A2: A wide range of entities are “obliged parties,” including banks, financial institutions, payment providers, cryptocurrency platforms, real estate agents, notaries, certain independent legal professionals, and high-value goods dealers.
Q3: What are the main components of KYC due diligence in Turkey? A3: The main components include customer identification and verification, customer due diligence (including enhanced due diligence for higher-risk cases), ongoing monitoring of transactions, suspicious transaction reporting to MASAK, and diligent record-keeping.
Q4: How does Turkey regulate remote identity verification for KYC purposes? A4: Turkey permits remote and electronic identity verification methods, such as video identification, provided they meet specific security standards and are regulated by authorities like the BDDK. These methods must gather all information required for traditional face-to-face identification and minimize risk.
Q5: What are the consequences of non-compliance with KYC regulations in Turkey? A5: Non-compliance can lead to severe penalties, including hefty administrative fines, criminal charges for individuals involved, and significant reputational damage to the offending institution.
Q6: What is the role of MASAK in Turkish KYC regulations? A6: MASAK (Financial Crimes Investigation Board) is Turkey’s financial intelligence unit. It is responsible for setting, enforcing, and overseeing AML/CTF regulations, analyzing suspicious transaction reports, and cooperating internationally to combat financial crime.
Q7: Are cryptocurrency transactions subject to KYC in Turkey? A7: Yes, as of recent updates, Virtual Asset Service Providers (VASPs) in Turkey are subject to mandatory KYC procedures, including real-time transaction reporting for amounts exceeding specified thresholds. More detailed information for transfers above ₺15,000 is also required.
Contact us for Know your customer regulations in Turkey
Understanding and implementing the intricate KYC and AML regulations in Turkey is vital for any business. At Akkas & Associates Law Firm, our experienced team of corporate and finance lawyers in Istanbul provides comprehensive legal services, ensuring your business remains fully compliant with the latest Turkish laws and international standards.
From initial customer identification to ongoing monitoring and suspicious transaction reporting, we guide you through every step. For expert legal advice on financial regulations, compliance, and corporate governance in Turkey, contact Akkas & Associates Law Firm today.
Please fill out and submit the form below to make an appointment.
