In the Official Gazette dated 25 December 2024 and numbered 32763, various amendments were made to the legislation of the Financial Crimes Investigation Board (“MASAK”) in order to comply with the Financial Action Task Force (“FATF”) standards, and with these amendments, important changes were made regarding the obligations of crypto asset service providers (“CASPs”). These amendments were made to the relevant MASAK legislation listed below.
Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism (“Measures Regulation”),
Regulation on Program of Compliance with Obligations of Anti-Money Laundering and Combating the Financing of Terrorism (“Compliance Program Regulation”),
Regulation on the Procedures and Principles Regarding the Electronic Notification System of the Financial Crimes Investigation Board (“Notification Regulation”),
General Communiqué of the Financial Crimes Investigation Board (No. 5) (“Communiqué No. 5”), and
Financial Crimes Investigation Board General Communiqué (No: 19) (“Communiqué No. 19”).
“Financial Institution” Status
With the amendments made to the Measures Regulation, CASPs were defined as “financial institutions” and made subject to the same obligations as financial institutions. Accordingly, their responsibilities under MASAK legislation have expanded to align with those already applicable to financial institutions. As a result, CASPs should act like financial institutions and comply with their obligations by making the necessary operational and software updates. In addition, some of the facilities granted to institutions defined as “financial institutions” will also apply to CASPs. For example, institutions defined as “financial institutions” have facilitated opportunities for customer acquisition by taking advantage of the “trust in a third party” principle, and therefore this opportunity may also find application for CASPs.
Travel Rule
Measures Regulation includes certain information that should be included in the messages regarding the recipient and sender in crypto asset transactions of 15,000 (fifteen thousand) Turkish Liras and above and crypto asset transactions of less than 15,000 (fifteen thousand) Turkish Liras mediated by CASPs. This information includes identity information (name-surname, title of the legal entity registered in the trade registry, full name of other legal entities and entities without legal personality), wallet information (wallet address, reference number related to the transaction in the absence of a wallet address) and information to identify the sender (at least one of the information to identify the sender such as address or place and date of birth or customer number, citizenship number, passport number, tax identification number). For transactions of 15,000 (fifteen thousand) Turkish Liras and above, all such information of the sender should be included in the messages and confirmed by the CASPs. For the recipient, it is sufficient to include the identity and wallet information in the messages, and there is no obligation to confirm this information. For crypto asset transactions under 15.000 (fifteen thousand) Turkish Liras, it is sufficient to include the identity and wallet information of the recipient and sender, and there is no need to confirm the information. In case there is a lack of information in the messages, CASPs should ask for the completion of this deficiency. If these deficiencies are not corrected, they should return the crypto assets related to the transfer in question. This obligation in the recommendations of FATF is regulated by the “Travel Rule”, which is the obligation to securely and promptly receive, store and transmit information about the sender and receiver in the transfer of crypto assets. The software and technological tools that allow messaging, such as distributed ledger technology (DLT) or a platform or application interface that allows messaging, can be used to send the information required to be included in these transfer messages. The regulations regarding these obligations will enter into force on 25 February 2025.
Identification (Know Your Customer - KYC)
Communiqués No. 5 and No. 19, as well as the amendments to the Measures Regulation, introduced some new regulations on the identification obligations of CASPs. In this context, CASPs, which were within the scope of simplified measures according to the former version of Communiqué No. 5, have been removed from this scope with the amendments. Article 2.2.10. of the Communiqué No. 5 has excluded the CASPs that were able to identify themselves within the scope of simplified measures due to the exclusivity of this provision for “Gambling and Betting Activities”. In addition, some monetary limits have been set for the identification of CASPs.
With the provisional article added to Communiqué No. 19, in addition to face-to-face identification, CASPs have also gained the opportunity to acquire customers through remote identification. Accordingly, CASPs will conduct remote identification in establishing a continuous business relationship with their real person customers within the scope of MASAK regulations until new regulations for the crypto ecosystem regarding remote identification are issued by the Capital Markets Board (“CMB”). CASPs that intermediate the trading or custody of privacy-based crypto assets cannot perform remote identification and it is obligatory to make transactions through a bank or credit card account compatible with the identity information of the customers in the deposit or withdrawal transactions to be realized at the CASP, including the first financial transaction.
It is mandatory for CASPs to identify customers in the establishment of a continuous business relationship regardless of the amount, in transactions exceeding 15,000 (fifteen thousand) Turkish Liras in the total amount of the transaction or the total amount of multiple interconnected transactions, and in electronic transfers and crypto asset transfers carried out by CASPs, in transactions exceeding 15,000 (fifteen thousand) Turkish Liras in the total amount of the transaction or the total amount of multiple interconnected transactions.
The current customer identification systems should be brought into compliance with MASAK regulations within 4 (four) months at the latest. This applies to face-to-face identification as well as remote identification. Accordingly, CASPs should bring their customer identification in line with the requirements for face-to-face or remote identification and acquire customers accordingly. The regulations regarding these obligations will enter into force as of 25 February 2025.
Obligation to Establish a Compliance Program
Pursuant to the amendments made to the Compliance Program Regulation, CASPs are included among the obliged parties to establish a compliance program. Accordingly, with the amendments introduced within this scope, CASPs are obliged to appoint a compliance officer and deputy compliance officer within 1 (one) month following the publication date of the Compliance Program Regulation, and to establish a compliance program within 1 (one) month following this appointment, until 25 January 2025 at the latest. It is regulated that the compliance program established within this scope should be notified to MASAK within the specified periods, using the forms attached to the Compliance Program Regulation.
E-Notification System
An amendment to the Notification Regulation has introduced an obligation for CASPs listed by the CMB to open an electronic notification account with MASAK. This requirement should be fulfilled within 1 (one) month from 25 December 2024, the date the amended regulation was published. This ensures that CASPs are integrated into MASAK's notification system, aligning them with financial institutions such as banks, capital market intermediary institutions, financial leasing and factoring companies, financing companies, insurance and pension companies, portfolio management companies, and savings finance companies.
Conclusion
With the comprehensive amendments to the MASAK regarding CASPs, significant measures have been implemented to prevent illegal activities such as money laundering and terrorism financing through crypto asset transfers. In order to ensure their compliance with the amendments in the MASAK legislation, CASPs, which are currently in the process of transition in the CMB legislation to which they are subject, should prioritize the swift and meticulous establishment of the necessary infrastructure and systems to align with the updated requirements effectively. Although regulatory authorities such as MASAK and the CMB aim to mitigate risk by regulating this ecosystem, they bring critical approaches for the sector to continue its long-term growth.
For further information on this matter, please contact us via info@sadikcapan.com
Comments