Anti-Money Laundering (AML) Compliance in Turkey 2025: Complete Guide

Turkey's AML Framework: Law No. 5549

Turkey's primary anti-money laundering legislation is Law No. 5549 on Prevention of Laundering Proceeds of Crime, supplemented by the Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism. This framework establishes the obligations of obliged parties, supervision authorities, and reporting mechanisms.

The Financial Crimes Investigation Board (MASAK) — operating under the Ministry of Treasury and Finance — is Turkey's Financial Intelligence Unit (FIU) and the central authority for AML/CFT supervision. MASAK receives Suspicious Transaction Reports (STRs), analyzes financial intelligence, and coordinates with law enforcement and international FIUs.

In 2023 and 2024, Turkey significantly strengthened its AML framework through legislative amendments that brought the country into closer alignment with FATF Recommendations. Following these improvements, Turkey was removed from the FATF grey list in June 2024 — a milestone that significantly improved Turkey's standing with international financial institutions and correspondent banks.

The amendments particularly impacted the crypto asset sector, extending full AML obligations to Crypto Asset Service Providers (CASPs) and aligning Turkey's virtual asset regulation with FATF guidance on virtual assets and VASPs.

Who Must Comply?

Law No. 5549 defines "obliged parties" who must implement AML/CFT programs. These include:

Financial Institutions

• Banks (regulated by BDDK)
• Payment and electronic money institutions
• Currency exchange offices (döviz bürosu)
• Securities investment firms and portfolio management companies (regulated by SPK)
• Insurance companies and intermediaries
• Leasing, factoring, and financing companies
• Pension fund companies

Crypto Asset Service Providers (CASPs)

Since 2021, Turkish law has explicitly included crypto asset service providers in the scope of AML obligations. All platforms that offer crypto asset exchange, transfer, custody, or issuance services in Turkey must comply with full AML requirements, including KYC/AML programs, MASAK reporting, and the Travel Rule for crypto transfers.

Designated Non-Financial Businesses and Professions (DNFBPs)

• Real estate agents (for transactions above threshold)
• Precious metals and stones dealers
• Notaries
• Independent attorneys (for certain transaction types)
• Independent accountants and certified public accountants
• Tax advisors

Key Compliance Obligations

Customer Due Diligence (CDD)

All obliged parties must implement Customer Due Diligence procedures, which include:

• Identity verification: Collecting and verifying government-issued ID, residency information, and business registration documents for legal entities
• Beneficial ownership: Identifying and verifying the ultimate beneficial owners of legal entity clients, typically those holding 25% or more ownership
• Purpose of relationship: Understanding the nature and intended purpose of each business relationship
• Ongoing monitoring: Continuously monitoring the business relationship and transactions to ensure consistency with customer profiles

Enhanced Due Diligence (EDD)

Enhanced due diligence is required for higher-risk customers and situations, including:

• Politically Exposed Persons (PEPs) and their immediate family members
• Customers from high-risk jurisdictions identified by FATF
• Complex or unusually large transactions without apparent economic purpose
• Non-face-to-face customer onboarding (remote digital onboarding)
• Correspondent banking relationships

Transaction Monitoring

Obliged parties must implement systems capable of monitoring transactions and detecting suspicious patterns. Effective transaction monitoring programs include:

• Rule-based detection for structuring, layering, and integration patterns
• Behavioral analytics comparing transactions against customer risk profiles
• Real-time screening against sanctions and PEP lists (OFAC, UN, EU, Turkish lists)
• Threshold alerts for cash transactions above 7,500 EUR equivalent
• Cross-border transaction monitoring for unusual flow patterns

Suspicious Transaction Reports (STR)

When a suspicious transaction or activity is detected, obliged parties must file a Suspicious Transaction Report (STR) with MASAK. Key STR requirements:

• No tipping-off: Obliged parties must not inform the customer that a STR has been filed
• 5-day rule: STRs must generally be filed within the legally required timeframe of the triggering event
• Digital submission: STRs are filed through MASAK's electronic reporting portal (MASAK-BIMER)
• Record keeping: All STR-related documentation must be retained for at least 8 years

Record Keeping

Turkish AML law requires obliged parties to maintain comprehensive records of:

• All customer identification and verification documents
• Transaction records (date, amount, counterparties, reference numbers)
• Correspondence related to business relationships
• STRs and supporting evidence
• Training records

Records must be retained for a minimum of 8 years from the date of the transaction or termination of the business relationship.

Travel Rule for Crypto Assets

Turkey has implemented the FATF Travel Rule requiring CASPs to collect, verify, and transmit originator and beneficiary information for virtual asset transfers. CASPs must:

• Collect originator name, account identifier (wallet address or account number), and geographic address
• Collect beneficiary name and account identifier
• Transmit this information to the receiving CASP (or financial institution) simultaneously with the transfer
• Implement screening of transmitted information against sanctions lists

MASAK vs. FATF Requirements

Turkey's removal from the FATF grey list reflects substantial alignment between MASAK obligations and FATF's 40 Recommendations. Key alignment areas:

• Risk-based approach (RBA): Both frameworks require obliged parties to assess and manage ML/TF risk proportionally
• Beneficial ownership transparency: Turkey's Corporate registry now requires beneficial ownership disclosure aligned with FATF R.24 and R.25
• VASP regulation: Turkey's CASP framework aligns with FATF Guidance on Virtual Assets and VASPs (updated 2021)
• International cooperation: MASAK is a member of the Egmont Group, enabling systematic FIU-to-FIU information exchange
• Targeted financial sanctions: Turkey implements UN Security Council Resolution-based asset freezes and implements EU/US sanctions lists

Remaining divergences: Some areas of implementation still lag FATF best practice, particularly in the supervision of DNFBPs and resource allocation at supervisory authorities. International financial institutions conducting correspondent banking due diligence on Turkish entities should account for ongoing supervisory development.

Penalties for Non-Compliance

The consequences of AML non-compliance in Turkey are severe and have increased in recent years:

Administrative Fines

• Failure to file STR: 50,000 TL to 1,000,000 TL per violation
• Failure to implement CDD: 100,000 TL to 5,000,000 TL
• Failure to maintain records: 50,000 TL to 500,000 TL per deficiency
• Failure to establish an AML compliance program: 200,000 TL to 10,000,000 TL

Note: Fines are adjusted annually for inflation. Current amounts may differ; consult MASAK official guidance for current figures.

License Revocation and Operational Suspension

For systematic or repeated non-compliance, regulatory authorities (BDDK, SPK, MASAK) may:

• Suspend specific services or operations
• Revoke operating licenses
• Disqualify senior management
• Require remediation programs under regulatory supervision

Criminal Liability

Willful failure to comply with AML reporting obligations can result in criminal liability for responsible individuals, including imprisonment under Turkish Criminal Code provisions on financial crimes facilitation.

Technology Solutions for AML Compliance

Manual AML compliance processes are increasingly inadequate for the transaction volumes and regulatory expectations of 2025. io40 provides integrated KYC/AML technology solutions designed specifically for Turkish regulatory requirements:

Automated KYC/Identity Verification

• Real-time document verification (ID cards, passports, driving licenses)
• Biometric liveness detection and face matching
• Instant verification against Turkish national identity database (NVI)
• Corporate KYB: automated beneficial ownership extraction and verification

Transaction Monitoring Engine

• Rule-based and ML-powered anomaly detection
• Configurable risk scoring with audit trail
• Real-time sanctions screening (OFAC, UN, EU, MASAK, custom lists)
• PEP screening with global database coverage
• Adverse media monitoring

MASAK STR Filing Automation

• Automated STR generation with pre-populated MASAK-required fields
• Workflow management for analyst review and approval
• Direct integration with MASAK-BIMER electronic reporting portal
• Complete audit trail for regulatory examination

Compliance Reporting Dashboard

• Real-time compliance metrics and KRI/KPI monitoring
• Regulatory examination-ready reporting
• Board-level AML risk reporting
• FATF Travel Rule data management and transmission

io40's AML platform is deployed by payment institutions, crypto asset service providers, and fintech companies operating under Turkish regulatory supervision. Contact our compliance team for a demonstration and assessment of your current AML program gaps.

Frequently Asked Questions

What is MASAK in Turkey?

MASAK (Mali Suçları Araştırma Kurulu — Financial Crimes Investigation Board) is Turkey's Financial Intelligence Unit operating under the Ministry of Treasury and Finance. MASAK supervises AML/CFT compliance, receives Suspicious Transaction Reports, analyzes financial intelligence, and coordinates with international FIUs through the Egmont Group.

Who must comply with AML regulations in Turkey?

All "obliged parties" under Law No. 5549: banks, payment institutions, crypto asset service providers (CASPs), securities firms, insurance companies, currency exchange offices, real estate agents, notaries, lawyers (for certain transaction types), accountants, and precious metals dealers must implement AML programs.

What are the penalties for AML non-compliance in Turkey?

Administrative fines range from 50,000 TL to 10,000,000 TL per violation depending on the obligation breached. Systematic non-compliance can result in operational suspension, license revocation, and — for willful failures — criminal liability for responsible individuals.

What is the Travel Rule requirement in Turkey?

Turkey implements the FATF Travel Rule for crypto asset transfers, requiring CASPs to collect and transmit originator and beneficiary information (name, account identifier, geographic address) to the receiving CASP simultaneously with the transfer above the threshold amount.

How does MASAK compare to FATF?

Turkey's MASAK framework is substantially aligned with FATF's 40 Recommendations. Following legislative improvements in 2023–2024, Turkey was removed from the FATF grey list in June 2024. Some implementation gaps remain, particularly in DNFBP supervision.

What technology solutions exist for AML compliance in Turkey?

io40 provides integrated KYC/AML platforms including automated identity verification, behavioral transaction monitoring, real-time sanctions/PEP screening, MASAK-compliant STR filing automation, and audit-ready record management. Contact us for a compliance gap assessment.

Disclaimer: This content is for informational purposes only and does not constitute legal or financial advice. Consult qualified licensed professionals for specific guidance.