New Developments (in brief)
To combat money laundering and the financing of terrorism, the Financial Crimes Investigation Board (MASAK) published Communiqué No. 28, amending the Financial Crimes Investigation Board General Communiqué No. 19 (“Communiqué No. 28” and “Communiqué No. 19”, respectively) in the official gazette dated 12 June 2025 and numbered 32924. In addition, MASAK issued Financial Crimes Investigation Board General Communiqué No. 29 (“Communiqué No. 29”) in the official gazette dated 28 June 2025 and numbered 32940. You can access Communiqué No. 28 here, Communiqué No. 19 here and Communiqué No. 29 here separately.
Communiqué No. 28 expands the scope of Communiqué No. 19, allowing crypto asset service providers to perform remote identification, and it regulates the procedures and principles regarding remote identification. Meanwhile, Communiqué No. 29 includes enhanced measures for transactions facilitated by crypto asset platforms.
What changes do the amendments bring?
- Significant amendments to Communiqué No. 19
Communiqué No. 28, published on 12 June 2025, introduced a significant amendment to the scope of Communiqué No. 19. Within the scope of this amendment, crypto asset service providers have been added to the list of obliged parties that can perform remote identification. In this context, the phrase “crypto asset service provider transactions” was added to the title of Article 5/A of Communiqué No. 19. The principles and methods to be applied by crypto asset service providers in remote identification processes were explained in the newly regulated second paragraph.
Within the framework of the amendments introduced by Communiqué No. 28, crypto asset service providers that are in a continuous business relationship with their customers are obliged to adhere to the remote identification methods prescribed for capital market intermediary institutions and portfolio management companies as set out in the first paragraph of Article 5/A of Communiqué No. 19. In addition, Communiqué No. 28 stipulates that crypto asset service providers must verify the customer’s address and identity information such as their name, surname, date of birth and Turkish ID number through the identity-sharing system database of the General Directorate of Population and Citizenship Affairs of the Ministry of Internal Affairs.
- Significant amendments made by Communiqué No. 29
Communiqué No. 29 sets out the principles and procedures regarding the enhanced measures that crypto asset service providers should implement within the scope of know-your-customer measures. Accordingly, the enhanced measures introduced are as follows:
a. Additional measures for customers
Communiqué No. 29 stipulates that crypto asset service providers must obtain information about the purpose of the transaction, the assets subject to the transaction and the source of the funds belonging to the customer. They must also increase the frequency of the controls applied in establishing a business relationship with their customers and other transactions that require identification. In addition, if it is clear from the nature of the transaction that additional measures are required, the business relationship should be kept under strict supervision.
b. Regulations on risk management policy
Crypto asset service providers must take appropriate measures to limit the amount and number of transactions in their risk management policies.
c. Regulations regarding transaction periods
Transactions carried out by crypto asset platforms[1] that intermediate crypto asset transfers are sent to or received from a wallet address not registered with any crypto asset service provider, or by crypto asset service providers or financial institutions authorized to transfer crypto assets, that are located abroad and are not obliged to share information about the sender or recipient according to its legislation, must be carried out within a minimum of 48 hours. This period must be at least 72 hours for the first crypto asset withdrawals.
d. New transaction limits
In light of the new developments, a limit of USD 3,000 per day and USD 50,000 per month have been introduced for transfer and withdrawals transactions of crypto assets that aim to maintain a stable value by referencing another value, right or a combination thereof that includes an official currency (stablecoins) intermediated by crypto asset platforms. For other transactions and those realized through crypto asset platforms, these limits are set at USD 6,000 per day and USD 100,000 per month. Exceeding these limits will constitute a violation of Communiqué No. 29.
e.Transaction disclosure obligation
With this regulation, crypto asset platforms are obliged to receive a minimum 20-character description of the nature of the transaction from their customers in all transfer transactions they intermediate.
We would like to note that the Draft General Communiqué of the Financial Crimes Investigation Board (Communiqué No: 30), published on the MASAK website on August 1, 2025, introduces new criteria regarding the requirement to obtain clarification on the nature of transactions in cash operations, electronic transfers, and remittances. These measures are planned to enter into force on January 1, 2026. You can review our Legal Alert prepared for more detailed information here.
f. New time and limit exceptions
For crypto asset transfers that are confirmed to be conducted for the purposes of generating liquidity, market making activity or intermarket arbitrage, the time restrictions set forth in the third paragraph of Article 4 and the limit restrictions set forth in the fourth paragraph of Article 4 of Communiqué No. 29 may not be applied to the platforms, if the platform’s board of directors’ approval is obtained for each customer.
To benefit from this exemption, it is necessary to take measures to identify the customer and to regularly obtain information regarding the source of the assets and documents, including account details from banks or other platforms. In this context, crypto asset platforms are obliged to continuously monitor and control their clients.
Where it is understood that the transactions are not for liquidity generation, market making or intermarket arbitrage transactions, time and limit restrictions should be applied immediately.
g. Transfer restrictions on custody institutions
Transfers to be made by the custody institutions[2] on behalf of platform customers will be subject to the restrictions in Article 4 of Communiqué No. 29.
h. Certain restrictions will be lifted for certain transfers between platforms and custody institutions
The measures set forth in Article 4 of Communiqué No. 29 and explained in the Section 2 herein, will not be applicable for transfers between platforms and custody institutions arising from capital markets legislation.
- Penalties for violating the new regulations under Law No. 5549
For a violation of Communiqué No. 19, an administrative fine of TRY 453,342 for the violations occurred in 2025 will be imposed for crypto asset service providers defined as financial institutions on the grounds of violation of know-your-customer obligations as a result of violations of remote identification, pursuant to the first paragraph of Article 13 of Law No. 5549 on Prevention of Laundering Proceeds of Crime (“Law No. 5549”). These administrative fines are subject to revaluation every year.
For a violation of Communiqué No. 29 related to know your customer obligation under Law No. 5549, the first paragraph of Article 13 of Law No. 5549 may be applicable. For details regarding the first paragraph, please review the preceding paragraph. For a violation of Communiqué No. 29 related to monitoring and control, risk management systems and other measures under Law No. 5549, the second paragraph of Article 13 of Law No. 5549 may be applicable. Likewise, separate sanctions may always be applicable depending on the specific circumstances. Within the context of the second paragraph, for a violation of the enhanced measures listed above, a written warning will be given to the crypto asset service providers and they will be provided a period of at least 30 days to remedy the deficiencies. If the deficiencies are not remedied at the end of this period, an administrative fine of TRY 3,777,903 will be imposed on the relevant crypto asset service provider. With the notification of the administrative fine, a new period of at least 60 days will be given through a written warning. If the deficiencies are not completed at the end of this period, an administrative fine of twice the amount of the first administrative fine (TRY 7,555,806) will be imposed. If the deficiencies are not rectified within 30 days following the notification of the second administrative fine, the matter will be referred to the relevant institution to take measures to suspend or restrict the activities of the crypto asset service provider for a certain period of time or to revoke its operating license. In addition, pursuant to the third paragraph of Article 13 of Law No. 5549, one-quarter of the administrative fine will be imposed on the responsible board member or senior manager, if the warnings specified in the second paragraph are made and the deadlines are complied with. These administrative fines are subject to revaluation. Likewise, separate sanctions may always be applicable depending on the specific circumstances.
For completeness, if a breach of these regulations also constitutes or is suspected to constitute a breach of another regulatory framework, this breach may result in the imposition of additional sanctions under the relevant framework, in addition to the penalties described here.
Conclusion
Communiqué No. 28 and Communiqué No. 29 introduced regulations on remote identification for crypto asset service providers and enhanced the measures to be taken by crypto asset service providers to prevent laundering proceeds of crime and financing of terrorism, respectively.
Failure to comply with the abovementioned regulations on remote identification and enhanced measures may result in administrative fines and a revocation of the operating license. Therefore, it is essential for obliged parties to align their operations to comply with the legal framework to avoid potential sanctions.
[1] Platform, as defined in subparagraph (dd) of the first paragraph of Article 3 of Law No. 6362, refers to the institutions where one or more of the crypto asset trading, initial sale or distribution, clearing, settlement, transfer, custody and other transactions that may be determined.
[2] Custody institutions, as defined in subparagraph (s) of the first paragraph of Article 4 of the Communiqué on the Establishment and Operating Principles of Crypto Asset Service Providers (III-35/B.1), refers to the institution authorized by MASAK to provide crypto asset custody services.
