New Regulatory Updates in Turkey: Crypto Asset Service Providers and E-Commerce Platforms Under Enhanced Compliance Obligations
New Regulatory Updates in Turkey: Crypto Asset Service Providers and E-Commerce Platforms Under Enhanced Compliance Obligations

New Regulatory Updates in Turkey: Crypto Asset Service Providers and E-Commerce Platforms Under Enhanced Compliance Obligations
In a move that significantly reshapes the financial landscape, recent regulations in Turkey have placed crypto asset service providers within the class of “financially obligated institutions.” These changes carry considerable implications for Know Your Customer (KYC) protocols, potential penalties for noncompliance, and the broader regulatory landscape. Below is a comprehensive overview of the new requirements and what they mean for businesses and consumers alike.
1. Crypto Asset Service Providers: Key Changes
Inclusion as Financially Obligated Institutions
Crypto asset service providers are now classified among the “financially obligated” sector and must implement a compliance program. This formal designation imposes new responsibilities, from stringent KYC procedures to mandatory reporting requirements.
Lowered Identification Threshold
The KYC threshold for crypto asset service providers has been reduced from 185,000 TL to 15,000 TL.
As a result, crypto companies face stricter due diligence and are expected to thoroughly verify customer identities at much lower transaction amounts.
Heavy Penalties for Noncompliance
Each KYC violation carries substantial fines. For instance, in 2025, the penalty per violation (İPC) stands at 453,160 TL. Given these hefty fines, the importance of robust identity verification cannot be overstated.
Detailed Procedures Under Regulation 24/A
Effective February 25, 2025, Article 24/A specifies:
Customer identification processes
How crypto asset transfers must be managed
Compliance programs and reporting mechanisms
These additions clarify operational standards for crypto transactions, reinforcing oversight and consumer protection.
MASAK Electronic Notification System
Crypto asset service providers must register with the MASAK (Financial Crimes Investigation Board) Electronic Notification System within one month, ensuring streamlined communication and regulatory oversight.
2. E-Commerce Service Providers: Extended Scope
Obligation for Mid to Large-Scale Platforms
Mid-sized, large, and very large electronic commerce intermediary service providers conducting transactions on behalf of others will also be categorized as “obligated institutions” starting February 25, 2025. They must:
Implement compliance programs
Appoint a dedicated compliance officer
This expansion aligns with a broader tax enforcement initiative, which recently introduced a 1% withholding tax on the gross revenue of e-commerce platforms.
3. Customer Identification Updates
New Requirements for Turkish Nationals
Birthplace information is only required for non-Turkish customers.
For Turkish citizens, parents’ names (mother/father) are no longer collected.
Only the Turkish Identity Number (T.C. ID) is now mandatory.
This streamlined approach simplifies data collection while maintaining robust identification standards.
4. Public Notices About Acting on Behalf of Others
To mitigate risks of third-party transactions, obligated institutions must display notices in all service locations, reminding individuals who act “in their own name but on someone else’s behalf” of their responsibilities.
Minimum content requirements for these notices will be defined by MASAK.
MASAK also has the authority to exempt certain institutions from these requirements based on a risk-based approach.
5. Narrower Scope for Attorneys
Recent amendments have narrowed the range of attorney obligations, revisiting where and how lawyers must comply with financial regulations. The specific details, however, may require further guidance or clarification from relevant authorities.
6. Third-Party Reliance in Identity Verification
In line with the “trust in third-party” principle, new regulations specify that if a previous financial institution has conducted a remote identity verification, the digital images from that verification can be requested. Additionally, the prior KYC process must not have been performed under simplified due diligence. This rule aims to reduce duplicate efforts while still maintaining rigorous identification standards.
Final Thoughts
These sweeping changes signal Turkey’s commitment to strengthening its AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) framework. Crypto asset service providers and e-commerce intermediaries must align their operations with these updated regulations to avoid substantial penalties and build consumer trust. As the effective date of February 25, 2025 draws closer, now is the time for all impacted entities to:
Review existing compliance programs
Update KYC/AML procedures
Train staff and stakeholders accordingly
By proactively adapting to these regulations, businesses can position themselves for sustained growth in an increasingly regulated digital economy. Stay tuned for future clarifications and guidelines from MASAK and other governing bodies, ensuring your organization remains compliant and competitive in the evolving financial landscape.





