Answer ... The main regulations and guides on anti-money laundering and counter-terrorist financing (AML/CFT) are as follows:
- the Law on Prevention of Laundering Proceeds of Crime (5549) (‘AML Law’);
- the Regulation on the Measures Regarding the Prevention of Laundering Proceeds of Crime and the Financing of Terrorism (‘AML Regulation’); and
- the Regulation on the Programme of Compliance with Obligations of Anti-money Laundering and Combating the Financing of Terrorism (‘AML Compliance Programme Regulation’).
Certain organisations listed in the AML Law and the AML Regulation are charged with helping to prevent money laundering and the financing of terrorism. They include:
- banks;
- payment institutions;
- e-money institutions;
- financing and factoring companies;
- asset management companies;
- financial leasing companies;
- brokerage firms;
- precious metals brokerage firms; and
- purchasers and sellers of precious metals, jewellery and stones.
The AML Law states that if there is any information, suspicion or reasonable grounds to suspect that assets which are the subject of transactions carried out or attempted to be carried out within or through such organisations have been acquired illegally or used for illegal purposes, these transactions must be reported to the Financial Crimes Investigation Board of Turkey (FCIB) by such organisations.
According to the AML/CTF Regulation, Turkish law will apply to crypto trading activities if:
- the trading platform is accessible in Turkey;
- the trading platform allows money transfers from Turkey and provides Turkish language support; and
- residents in Turkey can execute transactions on the exchange platform.
On 1 May 2021 the Financial Crimes Investigation Board of Turkey (FCIB) published the Guideline on Suspicious Transaction Reporting to determine which transactions are suspicious and must be reported to the FCIB.
In Version 1.03 of the guideline, which was previously in effect until 11 September 2019, “money transfers for buying Bitcoin from customer accounts to brokerage houses that sell Bitcoin” were described as suspicious transactions. Version 1.03 was replaced with Version 1.04 as of 11 September 2019. Version 1.04 prefers the term ‘cryptocurrency’ to ‘Bitcoin’, and no longer classifies cryptocurrency money transfers as suspicious transactions. Version 1.04 classifies the following transactions as suspicious:
- money transfers from customer accounts to domestic or international cryptocurrency exchanges or accounts of real or legal persons for the purpose of purchasing cryptocurrency at a frequency and in an amount that do not fit the customer’s financial profile; and
- transfers to customer accounts as a result of the sale of cryptocurrency whose source is unknown or that do not fit the customer’s financial profile.
As a result of the amendment made to Article 4 of the AML Regulation on 1 May 2021, crypto asset service providers are now included in the description of ‘obliged parties’.
In this regard, trading platforms are subject to certain requirements, as follows.
Identification of traders: Trading platforms must determine the identities of platform users before a transaction is executed. If a trading platform user executes certain transactions on the trading platform on behalf of a third party, the relevant service provider must also identify that third party.
The trading platform user or a third party must be identified if one of the following conditions is met:
- There is a continuous business relationship;
- The value of the transaction or of connected transactions is more than TRY 75,000;
- In the case of electronic transfers, the value of the transaction or of connected transactions is more than TRY 7,500;
- A suspicious transaction report is generated; or
- There are suspicions as to the adequacy or the accuracy of customer personal information that has previously been obtained.
To identify the traders, trading platforms must collect the following information and documents specified in the AML/CFT regulations:
-
For natural persons:
-
- name;
- surname;
- date of birth;
- place of birth;
- parents’ names;
- TR identity number for Turkish citizens;
- type of identity document (eg, passport, driver’s licence, official ID card) and number;
- address;
- sample signature;
- phone number (if available);
- fax number (if available);
- email address (if available); and
- occupation.
-
The trading platform must verify the identity of the person by requesting the identity document(s) and/or passport.
-
For legal entities registered with the trade registry:
-
- company name;
- company trade registry number;
- tax identity number;
- area of activity;
- address;
- phone number;
- fax number (if available);
- email address (if available); and
- name, surname, date of birth, place of birth, parents’ names, TR identity number for Turkish citizens, type of identity document and number and sample signature of the company’s authorised representative
Monitoring customer status and transactions: Trading platforms must:
- continuously monitor, within the scope of the permanent business relationship, whether the transactions performed by their customers are compatible with the customers’ profession, business activities, business history, financial status, risk profile and funding sources; and
- keep information, documents and records about their customers up to date.
Retention and submission of documents: Trading platforms must:
-
retain:
-
- all documents, including suspicious transaction reporting forms, books and records regarding their obligations and transactions for eight years from the date of issuance; and
- all identification documents for eight years from the last transaction date; and
- present these to the competent authority if required.
Suspicious transaction reporting: If there is any information, suspicion or reasonable grounds to suspect an unlawful acquisition or unlawful purpose of use of the assets that are the subject of a transaction carried out by or through a trading platform, the trading platform must notify the transaction to the Financial Crimes Investigation Board of Turkey (FCIB) within 10 business days at the latest from the date on which the suspicion arose regarding the transaction, and immediately for urgent cases.
Along with the Suspicious Transaction Reporting Guide (Crypto Asset Service Providers) released on 18 April 2022, the FCIB has provided crypto-asset service providers with extensive examples of suspicious transactions, such as the following:
- carrying out a high volume of transactions at short intervals in a newly opened account;
- using the split method to circumvent transaction limits;
- immediate transferring recently purchased crypto assets to another exchange, especially one operating in another jurisdiction with insufficient AML/CFT regulations;
- withdrawing crypto assets shortly after they are deposited on an exchange;
- converting crypto-assets into multiple crypto-assets soon after they are deposited on an exchange without reasonable grounds, such as portfolio diversification;
- withdrawing crypto assets to a private wallet shortly after they are deposited on an exchange;
- performing similar transactions on the same IP address in a short timeframe;
- accessing multiple accounts from the same IP address;
- creating multiple accounts from the same IP address;
- transferring assets from multiple persons to a single wallet in a foreign exchange;
- transferring assets from one account to multiple wallets on foreign exchanges;
- transferring assets from different accounts in foreign exchanges to a single wallet;
- making a very high initial investment in a new account, which is inconsistent with the account holder’s financial profile;
- investing a large amount of money and selling or withdrawing the entire amount that same day;
- sending crypto assets to wallets known to be used for illegal activities such as gambling or illegal betting, or sharing them for this purpose in forums;
- opening a new account at an IP that has previously been reported for suspicious transaction;
- transferring assets to a wallet owned by a person was previously the subject of a suspicious transaction report; and
- executing transactions for people who are well above the average age of platform users and who seem unfamiliar with the technologies relating to crypto-assets.
Trading platforms are under a confidentiality obligation, and thus may not disclose the contents of suspicious transaction reports to anyone, including the parties to the transaction, with the exception of auditors assigned to audit obligations and the courts during a trial.
Periodic reporting: Trading platforms must report transactions to which they are parties or intermediaries that exceed a threshold specified by the Ministry of Treasury and Finance to the FCIB.
Information and documents: When requested by the FCIB or examiners, trading platforms must provide:
- all kinds of information, documents and related records in all formats; and
- all information and passwords necessary to fully and accurately access and retrieve such information.
Trading platforms must retain all documents, books and records and identification documents in all formats for eight years from the date of issue, the last record date or the last transaction date; and must submit these on request. The starting date of the retention period for documents relating to customer identification is the closing date of the account.
E-notification: According to Article 9/A of the AML Law, the notifications required under the law may be submitted electronically and responses may be requested electronically, notwithstanding the procedures relating to electronic notification. Electronic notifications will be deemed complete when they reach the recipient’s side. The FCIB is also authorised:
- to construct new technical infrastructure or use existing technical infrastructure to require the use of electronic addresses for notification purposes and the provision of electronic responses; and
- to determine the procedures and principles relating to electronic notifications and responses.
AML compliance programme: Trading platforms should implement an AML compliance programme by adopting a risk-based approach and by:
- establishing corporate policies and procedures;
- conducting risk management activities;
- conducting monitoring and controlling activities;
- appointing a compliance officer and forming a compliance unit;
- conducting training activities; and
- conducting internal control activities.
Trading platforms should draft corporate policies that take into account:
- the size of the organisation;
- the business volume; and
- the type of transaction.
Under Turkish law, corporate policies should include at minimum risk management, monitoring and controlling, training and internal control policies.
Other than these specific regulations, general regulations on the prevention of money laundering and terrorist financing will apply to virtual currency trading platforms, such as the following offences set out in the Turkish Criminal Code:
- Laundering assets acquired through an offence: Anyone who, without participating in the commission of an offence, purchases, accepts, keeps or uses laundered assets while aware of their value and nature will be subject to imprisonment for between two and five years. Where a legal entity is involved in the commission of this offence, it will be subject to security measures specific to legal entities (Articles 282/2 and 282/5).
- Failing report an offence: If a natural person does not report a crime to the relevant authorities, he or she may be sentenced to up to one year’s imprisonment (Article 278).
- Purchasing or accepting property acquired through an offence: Anyone who purchases or accepts property which was acquired through the commission of an offence will be sentenced to imprisonment for between six months and three years and a judicial fine of up to 1,000 days (Article 165).
- Failure to provide information: Anyone who, having obtained property through a legal transaction, fails to notify without delay the relevant authorities responsible for upholding law and order upon becoming aware that such property has been acquired through the commission of an offence or as a result of an offence will be sentenced to imprisonment for up to six months or a judicial fine (Article 166).