# New Regulatory Updates in Turkey: Crypto Asset Service Providers and E-Commerce Platforms Under Enhanced Compliance Obligations **New Regulatory Updates in Turkey: Crypto Asset Service Providers and E-Commerce Platforms Under Enhanced Compliance Obligations** In a move that significantly reshapes the financial landscape, recent regulations in Turkey have placed **crypto asset service providers** within the class of “financially obligated institutions.” These changes carry considerable implications for Know Your Customer (KYC) protocols, potential penalties for noncompliance, and the broader regulatory landscape. Below is a comprehensive overview of the new requirements and what they mean for businesses and consumers alike. --- ## 1\. Crypto Asset Service Providers: Key Changes ### Inclusion as Financially Obligated Institutions Crypto asset service providers are now classified among the “financially obligated” sector and must implement a compliance program. This formal designation imposes new responsibilities, from stringent KYC procedures to mandatory reporting requirements. ### Lowered Identification Threshold * The **KYC threshold** for crypto asset service providers has been **reduced from 185,000 TL to 15,000 TL**. * As a result, crypto companies face stricter due diligence and are expected to thoroughly verify customer identities at much lower transaction amounts. ### Heavy Penalties for Noncompliance Each KYC violation carries substantial fines. For instance, in **2025**, the penalty per violation (İPC) stands at **453,160 TL**. Given these hefty fines, the **importance of robust identity verification** cannot be overstated. ### Detailed Procedures Under Regulation 24/A Effective **February 25, 2025**, Article 24/A specifies: * Customer identification processes * How crypto asset transfers must be managed * Compliance programs and reporting mechanisms These additions clarify operational standards for crypto transactions, reinforcing oversight and consumer protection. ### MASAK Electronic Notification System Crypto asset service providers must register with the **MASAK (Financial Crimes Investigation Board) Electronic Notification System** within **one month**, ensuring streamlined communication and regulatory oversight. --- ## 2\. E-Commerce Service Providers: Extended Scope ### Obligation for Mid to Large-Scale Platforms Mid-sized, large, and very large **electronic commerce intermediary service providers** conducting transactions on behalf of others will also be categorized as “obligated institutions” starting **February 25, 2025**. They must: * Implement compliance programs * Appoint a dedicated compliance officer This expansion aligns with a broader tax enforcement initiative, which recently introduced a **1% withholding tax** on the gross revenue of e-commerce platforms. --- ## 3\. Customer Identification Updates ### New Requirements for Turkish Nationals * **Birthplace information** is only required for **non-Turkish** customers. * For Turkish citizens, **parents’ names** (mother/father) are no longer collected. * **Only the Turkish Identity Number (T.C. ID)** is now mandatory. This streamlined approach simplifies data collection while maintaining robust identification standards. --- ## 4\. Public Notices About Acting on Behalf of Others To mitigate risks of third-party transactions, obligated institutions must display notices in all service locations, reminding individuals who act **“in their own name but on someone else’s behalf”** of their responsibilities. * **Minimum content requirements** for these notices will be defined by MASAK. * MASAK also has the authority to **exempt** certain institutions from these requirements based on a **risk-based approach**. --- ## 5\. Narrower Scope for Attorneys Recent amendments have **narrowed** the range of attorney obligations, revisiting where and how lawyers must comply with financial regulations. The specific details, however, may require further guidance or clarification from relevant authorities. --- ## 6\. Third-Party Reliance in Identity Verification In line with the **“trust in third-party”** principle, new regulations specify that if a previous financial institution has conducted a **remote identity verification**, the **digital images** from that verification can be requested. Additionally, the prior KYC process must **not** have been performed under **simplified due diligence**. This rule aims to reduce duplicate efforts while still maintaining rigorous identification standards. --- ## Final Thoughts These sweeping changes signal Turkey’s commitment to strengthening its **AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism)** framework. **Crypto asset service providers** and **e-commerce intermediaries** must align their operations with these updated regulations to avoid substantial penalties and build consumer trust. As the effective date of **February 25, 2025** draws closer, now is the time for all impacted entities to: 1. **Review** existing compliance programs 2. **Update** KYC/AML procedures 3. **Train** staff and stakeholders accordingly By proactively adapting to these regulations, businesses can position themselves for sustained growth in an increasingly regulated digital economy. Stay tuned for future clarifications and guidelines from MASAK and other governing bodies, ensuring your organization remains compliant and competitive in the evolving financial landscape.