MASAK (Mali Suçları Araştırma Kurulu — Financial Crimes Investigation Board) and SPK (Sermaye Piyasası Kurulu — Capital Markets Board) are two of Turkey’s most critical regulatory bodies for businesses operating in the financial sector. Whether you are running a cryptocurrency exchange, a financial services company, or a business in any designated sector, understanding and complying with MASAK and SPK requirements is essential. This guide by Attorney Bilal Alyar (Istanbul Bar Association, Reg. No: 54965) provides a detailed analysis of AML/KYC compliance in Turkey in 2026.

MASAK’s enforcement capabilities have expanded significantly since Turkey was placed on the FATF grey list in October 2021. The subsequent action plan has led to: stronger beneficial ownership transparency requirements, enhanced STR analysis, improved international cooperation mechanisms, and more aggressive prosecution of money laundering cases. For crypto asset service providers, MASAK compliance is a prerequisite for SPK licensing. For businesses in all regulated sectors — banking, insurance, real estate, precious metals, and newly formed companies — understanding and implementing MASAK’s requirements is not optional but a legal obligation with serious consequences for non-compliance.

What Is MASAK?

MASAK is Turkey’s Financial Intelligence Unit (FIU), established under the Ministry of Treasury and Finance. It is the central authority for preventing money laundering (ML) and terrorism financing (TF) in Turkey. MASAK’s powers include: receiving and analyzing suspicious transaction reports (STRs), ordering the freezing of assets suspected of being connected to ML/TF, conducting compliance examinations of obligated entities, imposing administrative sanctions, and coordinating with international FIUs through the Egmont Group.

MASAK’s authority was significantly expanded following Turkey’s action plan with the Financial Action Task Force (FATF). Turkey was placed on the FATF grey list in October 2021 and has since implemented numerous legislative and regulatory reforms to address identified deficiencies. These reforms have strengthened MASAK’s enforcement capabilities and expanded the range of obligated entities.

KYC (Know Your Customer) Requirements

All obligated entities in Turkey must implement comprehensive KYC procedures. These include: identity verification before establishing a business relationship (using government-issued ID, passport, or MERNIS data), beneficial ownership identification — determining the ultimate beneficial owners (UBOs) of legal entities (any natural person holding 25% or more of a company), enhanced due diligence (EDD) for high-risk customers including politically exposed persons (PEPs), ongoing monitoring of business relationships and transactions, and record keeping for at least 8 years after the relationship ends.

For crypto asset service providers, KYC requirements are particularly stringent. Platforms must verify customer identity before allowing any transaction, with no anonymous accounts or wallets permitted. The Travel Rule (requiring originator/beneficiary information for transfers above certain thresholds) also applies to crypto transfers.

Suspicious Transaction Reports (STRs)

Obligated entities must file STRs with MASAK within 10 business days of forming a suspicion that a transaction involves the proceeds of crime, money laundering, or terrorism financing. Key points: There is no minimum transaction threshold for STRs — suspicion alone triggers the obligation. Filing an STR does not require certainty — reasonable suspicion is sufficient. The entity must not inform the customer that an STR has been filed (tipping-off prohibition). Failure to file an STR when warranted carries administrative fines of up to 2 million TRY and potential criminal liability for compliance officers.

Account Freezing and Unfreezing

MASAK has the power to freeze financial assets (bank accounts, crypto wallets, securities) administratively, without a court order, for an initial period of 7 days in terrorism financing cases. For money laundering cases, freezing requires a court order, though MASAK can request urgent (ex parte) orders from criminal courts. The affected person has the right to challenge the freeze through administrative and judicial channels. The unfreezing process involves: (1) filing an objection to MASAK explaining the legitimate source of funds, (2) providing supporting documentation, (3) if MASAK rejects the objection, appealing to the administrative court, (4) if criminal proceedings are initiated, challenging the freeze within the criminal case.

SPK/CMB Regulatory Framework

The SPK (Capital Markets Board) regulates Turkey’s capital markets, including securities, investment funds, and — since Law No. 7518 — crypto asset service providers. SPK’s regulatory powers include: licensing and supervision of market participants, issuing binding regulations and communiqués, conducting inspections and investigations, imposing administrative fines and sanctions, and referring criminal violations to prosecutors.

AML Program Requirements for Businesses

All obligated entities must establish a written AML compliance program that includes: a compliance officer appointed at the management level, written policies and procedures for customer identification, transaction monitoring, and STR filing, risk assessment methodology covering customer, product, geographic, and delivery channel risks, employee training program (initial and ongoing), and internal audit function to test the effectiveness of the program. MASAK has the authority to examine these programs and impose sanctions for deficiencies.

FATF Compliance and Turkey’s Status

Turkey has been on the FATF’s increased monitoring list (grey list) since October 2021, working through an action plan that includes: strengthening beneficial ownership transparency, enhancing the effectiveness of STR analysis, improving international cooperation, and demonstrating effective investigation and prosecution of ML/TF cases. Progress has been positive, and Turkey may be removed from the grey list following the completion of remaining action items. For businesses, being in a grey-listed country means enhanced scrutiny from international correspondent banks and business partners.

Sanctions Screening Obligations

Turkish entities must screen customers and transactions against: UN Security Council sanctions lists, Turkish national sanctions lists maintained by MASAK, and, while not legally required by Turkish law, many international businesses also screen against EU and US OFAC lists for commercial reasons. Failure to comply with UN/Turkish sanctions carries criminal penalties including imprisonment. Businesses should implement automated screening systems that check against updated lists in real time.

Compliance Officer Responsibilities

The designated compliance officer bears personal responsibility for the entity’s AML program. This includes: ensuring all staff are trained and understand their obligations, reviewing and approving STR filings, maintaining direct communication with MASAK, overseeing the implementation of KYC and monitoring procedures, and reporting to senior management on compliance matters. The compliance officer cannot be dismissed or penalized for filing STRs in good faith.

Penalties for Non-Compliance

Administrative penalties range from warning letters to fines of up to 5 million TRY per violation. Criminal penalties for money laundering (TCK Article 282) include imprisonment of 3-7 years and a judicial fine of up to 20,000 days. Terrorism financing (Law No. 6415) carries imprisonment of 5-10 years. Operating without required licenses (e.g., crypto CASP without SPK license) carries imprisonment of 2-5 years. Directors, compliance officers, and beneficial owners can face personal liability.

Frequently Asked Questions

Which businesses are obligated to comply with MASAK?

Obligated entities include: banks and participation banks, insurance companies, capital markets intermediaries, crypto asset service providers, notaries, certified public accountants, real estate agents, precious metal dealers, lawyers (for certain transactions), and companies operating in free trade zones. The full list is maintained in MASAK’s regulations.

How quickly must I report a suspicious transaction?

STRs must be filed within 10 business days of the suspicion forming. For terrorism financing, immediate reporting is required. In practice, faster reporting demonstrates good compliance culture and can protect the entity from regulatory criticism.

Can MASAK freeze my account without a court order?

For terrorism financing cases, MASAK can freeze assets administratively for up to 7 days without a court order. For money laundering cases, a court order is required, but MASAK can obtain urgent ex parte orders within hours. In both cases, the affected party has the right to challenge the freeze.

What should I do if my company receives a MASAK examination notice?

Cooperate fully with MASAK examiners. Assign your compliance officer as the primary contact. Prepare all requested documents promptly. Consider engaging legal counsel experienced in MASAK matters to advise during the examination. Do not destroy, alter, or conceal any documents. Contact our office at +90 545 199 25 25 for immediate guidance.

MASAK’s Organizational Structure and Powers

MASAK (Mali Suçları Araştırma Kurulu — Financial Crimes Investigation Board) was established under Law No. 5549 on Prevention of Laundering of Proceeds of Crime. It operates under the Ministry of Treasury and Finance and serves as Turkey’s Financial Intelligence Unit (FIU) within the Egmont Group network. MASAK’s organizational units include: the Analysis Department (receiving and analyzing STRs, producing financial intelligence), the Compliance Department (examining obligated entities’ AML programs, conducting on-site inspections), the International Relations Department (processing MLA requests, coordinating with foreign FIUs through the Egmont Secure Web), the Regulation Department (drafting AML/CFT regulations and guidance), and the IT Department (maintaining the transaction monitoring and analysis systems, developing blockchain analytics capabilities). MASAK processes over 200,000 suspicious transaction reports annually and coordinates with law enforcement agencies (police, gendarmerie, prosecution) for criminal investigations.

KYC/CDD: Detailed Requirements for Obligated Entities

MASAK’s KYC (Know Your Customer) and CDD (Customer Due Diligence) requirements under the MASAK Regulation (Tedbirler Yönetmeliği) establish three tiers of due diligence: Simplified CDD: Available for low-risk customers and transactions below certain thresholds. Basic identity verification through government databases (MERNIS for Turkish nationals, passport verification for foreigners). Standard CDD: Required for all business relationships and transactions above 75,000 TRY. Includes: identification and verification of the customer using government-issued ID documents, identification of beneficial owners (UBOs) — natural persons who ultimately own or control 25%+ of a legal entity, understanding the purpose and intended nature of the business relationship, and ongoing monitoring of transactions and activities. Enhanced CDD (EDD): Required for: Politically Exposed Persons (PEPs) and their family members/close associates, customers from FATF high-risk countries, complex or unusual transactions without apparent economic purpose, correspondent banking relationships, and any customer or transaction assessed as high-risk under the entity’s risk-based approach. EDD measures include: senior management approval for establishing/continuing the relationship, additional source-of-wealth and source-of-funds documentation, and more frequent monitoring reviews.

Suspicious Transaction Reporting: What Triggers an STR

MASAK’s STR requirements are broadly drafted to cast a wide net. An STR must be filed whenever an obligated entity has reasonable grounds to suspect that: a transaction involves the proceeds of crime (regardless of the predicate offense), assets are related to terrorism financing, a transaction is structured to avoid reporting thresholds, a customer provides false or misleading identification, or a transaction is inconsistent with the customer’s known financial profile. Common scenarios that trigger STRs in practice: rapid round-trip transactions (deposit followed by immediate withdrawal or transfer), transactions involving cash-intensive businesses with no apparent economic purpose, transfers to or from known high-risk jurisdictions, significant discrepancy between declared income and transaction volume, and for crypto platforms — transfers to/from mixing services, darknet-associated wallets, or sanctioned addresses. Filing deadline: 10 business days from the formation of suspicion (immediate for terrorism financing). The tipping-off prohibition (TCK Article 282/4) makes it a criminal offense to inform the customer that an STR has been filed — violation carries 1-3 years imprisonment.

Account Freezing: MASAK’s Most Powerful Tool

MASAK’s asset freezing powers are the most impactful enforcement tool, directly affecting thousands of individuals and businesses annually. Two mechanisms: Administrative freeze (idari tedbir, Law 5549 Article 19/A): For terrorism financing cases, MASAK can freeze assets immediately, without a court order, for up to 7 days. If the investigation continues beyond 7 days, a court order is required. Judicial freeze (yargısal tedbir): For money laundering cases, MASAK requests a freeze order from the Criminal Court of Peace (Sulh Ceza Hakimliği). Ex parte orders (without hearing the account holder) are routinely granted in urgent cases. Scope: MASAK freeze orders apply to all financial institutions in Turkey — banks, crypto exchanges, brokerage firms, and insurance companies must comply immediately upon receipt. The freeze covers all assets: bank accounts (TRY and foreign currency), crypto exchange accounts, securities/brokerage accounts, insurance policies with cash value, and safe deposit boxes. Challenging a freeze: file an objection to MASAK with documented proof of the legitimate source of funds, if rejected, appeal to the Criminal Court of Peace (itiraz), and if criminal proceedings are initiated, challenge the freeze within the criminal case. Response time is critical — some freeze orders have automatic review periods, and early engagement with experienced counsel significantly improves outcomes.

FATF Compliance and Turkey’s Grey List Status

Turkey was placed on the FATF’s increased monitoring list (commonly known as the “grey list”) in October 2021, following a mutual evaluation that identified strategic deficiencies in Turkey’s AML/CFT framework. The action plan includes: strengthening beneficial ownership transparency (a new UBO registry has been established), enhancing the effectiveness of STR analysis and dissemination, improving international cooperation in asset recovery and information sharing, demonstrating effective investigation and prosecution of money laundering and terrorism financing, and improving risk-based supervision of non-financial businesses and professions. Progress has been positive — Turkey has reported substantial completion of action items, and removal from the grey list is anticipated following completion of remaining items. For businesses, grey list status means: enhanced due diligence by international correspondent banks when processing Turkey-related transactions, potential delays in international wire transfers, increased compliance costs for Turkish entities transacting internationally, and reputational considerations for foreign companies establishing in Turkey. These impacts are expected to diminish significantly upon Turkey’s exit from the grey list.

Compliance Program Requirements

All obligated entities must establish a written AML compliance program (uyum programı) that includes: Compliance officer: Appointed at senior management level, registered with MASAK, bearing personal responsibility for the entity’s AML program. Cannot be dismissed or penalized for filing STRs in good faith. Written policies and procedures: Covering all aspects of CDD, transaction monitoring, STR filing, sanctions screening, record keeping, and employee training. Risk assessment: A documented assessment of ML/TF risks covering customer types, products/services, geographic exposure, and delivery channels. Updated at least annually and whenever there is a material change in the risk profile. Employee training: Initial training for all new employees within 30 days of hiring, annual refresher training for all relevant staff, and specialized training for compliance officers and senior management. Training records must be maintained for MASAK inspection. Internal audit: Independent testing of the compliance program’s effectiveness, conducted at least annually. Audit findings and remediation actions must be documented and available for MASAK review. Record keeping: All CDD documentation, transaction records, STR files, and training records must be retained for at least 8 years after the business relationship ends.

Penalties for Non-Compliance

MASAK enforcement follows a graduated approach: Administrative penalties: Warning letters for minor deficiencies, administrative fines of 29,503 TRY to 5,900,679 TRY per violation (2026 figures — adjusted annually for inflation), and temporary or permanent revocation of operating licenses. Criminal penalties: Money laundering (TCK Article 282): 3-7 years imprisonment and judicial fine of up to 20,000 days. Terrorism financing (Law No. 6415): 5-10 years imprisonment. Failure to file STR (Law 5549 Article 14): administrative fine + potential criminal liability for the compliance officer. Tipping-off (TCK Article 282/4): 1-3 years imprisonment. Operating without required AML registration: administrative fines and potential business closure. Directors, compliance officers, and beneficial owners can face personal liability for systematic compliance failures — this is not merely a corporate fine but a personal criminal risk.

Additional MASAK FAQ

How often does MASAK inspect companies?

MASAK conducts both scheduled and unannounced inspections. High-risk sectors (banking, crypto, money transfer) face more frequent examinations — annually or semi-annually. Lower-risk obligated entities (notaries, accountants, real estate agents) may be inspected every 2-3 years. Inspections typically last 1-5 days and cover: CDD file sampling, transaction monitoring system testing, STR filing history, training records, and compliance officer reports to senior management. Cooperation with MASAK inspectors is mandatory — obstruction is a criminal offense.

What should I do if I receive a MASAK inspection notice?

Immediately: assign your compliance officer as the primary contact, alert senior management, and consider engaging legal counsel experienced in MASAK matters. Prepare: all requested documents (CDD files, monitoring reports, training records, policy documents), access to your transaction monitoring system for the inspection team, and a dedicated workspace for the inspectors. During the inspection: cooperate fully, answer questions honestly, provide documents promptly, and document all requests and responses. Do not: destroy, alter, or conceal any documents, attempt to influence inspectors, or provide incomplete information. Contact our office at +90 545 199 25 25 for immediate guidance on MASAK inspection preparation.

Real Estate Sector AML Obligations

Real estate agents and brokers (emlakçılar) are designated obligated entities under MASAK regulations. Their AML obligations include: customer identity verification for all property transactions, reporting suspicious transactions to MASAK (e.g., properties purchased significantly above market value, cash-heavy transactions, purchases by PEPs without clear source of funds), and record keeping for 8 years. Since the property market is a known channel for money laundering (particularly through citizenship investment purchases), MASAK has increased scrutiny of real estate transactions involving: properties purchased from sellers who themselves acquired citizenship through CBI, properties with rapid successive sales at escalating prices (potential money laundering chain), and transactions involving companies or trusts where the beneficial owner is obscured.

Crypto Platform AML: Deep Dive

Crypto asset service providers face the most stringent and rapidly evolving AML requirements among all MASAK-obligated entities. Beyond the standard KYC/CDD requirements, crypto platforms must implement:

Blockchain Analytics: Licensed platforms are expected to use blockchain analytics tools (Chainalysis, Elliptic, CipherTrace, or equivalent) to: score incoming transactions for exposure to high-risk wallets (darknet markets, sanctioned addresses, known fraud wallets), identify patterns consistent with mixing/tumbling services, flag unusually complex transaction chains designed to obscure the source of funds, and generate risk scores for each customer based on their on-chain activity. Wallet Verification: The concept of “wallet whitelisting” is emerging — where platforms verify that withdrawal addresses belong to the customer (self-hosted wallet verification) or to another regulated entity (exchange-to-exchange transfer). This is driven by the Travel Rule requirement and MASAK guidance on crypto-specific AML risks. Fiat On/Off-Ramp Monitoring: MASAK pays particular attention to the points where crypto meets the traditional financial system: large fiat deposits (especially cash deposits) followed by immediate crypto purchases, crypto-to-fiat conversions followed by rapid bank withdrawals or transfers, and patterns suggesting structuring (breaking large transactions into amounts just below reporting thresholds).

MASAK Inspection Process: What to Expect

MASAK conducts both scheduled and unannounced on-site inspections (yerinde denetim) of obligated entities. The inspection process:

Pre-Inspection: For scheduled inspections, MASAK issues a written notification (typically 1-2 weeks in advance) specifying the scope and requesting preliminary documents. For unannounced inspections (triggered by specific intelligence or STR analysis), no advance notice is given — MASAK inspectors arrive with official credentials and begin immediately. On-Site Activities (typically 1-5 days): Document review — MASAK inspectors examine a sample of CDD files, checking for: completeness of identification documents, beneficial owner identification for corporate clients, risk assessment categorization, and enhanced due diligence documentation for high-risk customers. System testing — inspectors may request live demonstrations of: transaction monitoring system alerts and resolution workflow, sanctions screening hits and false positive handling, and STR preparation and filing process. Staff interviews — compliance officers, front-line staff, and management may be interviewed about: their understanding of AML obligations, training received, and awareness of current ML/TF typologies. Post-Inspection: MASAK issues a written inspection report (denetim raporu) identifying: findings (positive and negative), recommendations for improvement, and, if applicable, administrative penalty recommendations. The entity has the right to respond to the report before penalties are finalized. If serious deficiencies are identified, MASAK may: impose immediate administrative penalties, require remediation within a specified timeframe, increase the frequency of future inspections, and in extreme cases, refer the matter for criminal investigation.

Beneficial Ownership Registry

Following Turkey’s FATF action plan commitments, a beneficial ownership (nihai yararlanan sahip) registry system has been established. Key provisions: all legal entities registered in Turkey must declare their beneficial owners (natural persons who ultimately own or control 25%+ of the entity) to the Trade Registry, the information is accessible to MASAK, tax authorities, and law enforcement (not publicly available as in some EU countries), beneficial ownership changes must be reported within 30 days, and failure to declare or providing false information carries administrative penalties. For newly formed companies, beneficial ownership declaration is now part of the initial registration process. This registry significantly enhances Turkey’s AML framework by eliminating the ability to hide behind complex corporate structures — a key concern identified in the FATF mutual evaluation.

Recent Enforcement Trends

MASAK’s enforcement activity has increased significantly in recent years: Volume: Over 200,000 STRs received annually (up from 50,000 five years ago). Over 5,000 account freeze orders issued annually. Over 500 administrative penalty decisions published. Focus Areas: Cryptocurrency — the fastest-growing area of MASAK enforcement, driven by the rapid expansion of the Turkish crypto market and the introduction of Law 7518. Trade-based money laundering — manipulation of trade invoices (over/under invoicing) to move value across borders, particularly in the gold and precious metals sector. Real estate — property purchases used to launder proceeds of crime, with particular attention to CBI-related transactions. Professional services — increased scrutiny of accountants, lawyers, and notaries who facilitate transactions for high-risk clients. International Cooperation: MASAK has significantly expanded its international cooperation, processing over 1,000 international information requests annually through: the Egmont Group Secure Web (real-time FIU-to-FIU information exchange), bilateral MLATs (Mutual Legal Assistance Treaties), and joint investigation teams with EU, US, and regional partners.

Building an Effective AML Compliance Program

For businesses operating in Turkey — whether in crypto, traditional commerce, or financial services — building an effective AML compliance program requires:

Risk Assessment Foundation: Start with a comprehensive ML/TF risk assessment covering: customer risk (nationality, business type, PEP status, sanctions exposure), product/service risk (cash-intensive products, cross-border transactions, anonymous services), geographic risk (high-risk countries per FATF, domestic high-risk areas), and channel risk (online vs. face-to-face, agent-originated vs. direct). Policy Framework: Written policies covering: CDD procedures (simplified, standard, enhanced), transaction monitoring rules and escalation procedures, STR identification and filing procedures, sanctions screening methodology, record keeping and data retention, and employee training requirements. Technology: Automated systems for: identity verification (integration with MERNIS for Turkish nationals, passport OCR/NFC for foreigners), transaction monitoring (rule-based and, increasingly, AI/ML-based anomaly detection), sanctions screening (real-time screening against updated lists), and case management (workflow for investigating alerts and preparing STRs). Governance: A compliance officer (uyum görevlisi) registered with MASAK, regular reporting to the board of directors/senior management, independent audit of the compliance program (at least annually), and metrics and KPIs tracking program effectiveness (alert volumes, investigation completion times, STR filing rates, training completion rates). Training: Initial AML training for all employees within 30 days of hiring, annual refresher training for all relevant staff, specialized training for compliance officers and senior management, and training records maintained for MASAK inspection. Contact our office at +90 545 199 25 25 for assistance in designing and implementing a MASAK-compliant AML program.

High-Risk Countries and Enhanced Due Diligence

MASAK’s risk-based approach requires enhanced scrutiny for transactions involving countries identified by the FATF as high-risk or under increased monitoring:

FATF High-Risk Jurisdictions (Call for Action — “Black List”): Countries with significant strategic deficiencies in their AML/CFT frameworks. As of 2026: North Korea, Iran, and Myanmar. Transactions involving these countries require: enhanced customer due diligence, senior management approval for any business relationship, and consideration of whether the business relationship should be maintained at all. MASAK applies additional restrictions beyond FATF requirements for certain countries subject to comprehensive Turkish/UN sanctions. FATF Jurisdictions Under Increased Monitoring (“Grey List”): Countries working with FATF to address strategic deficiencies. The grey list is updated at each FATF plenary (3 times/year). Implications: enhanced due diligence for transactions involving these countries, but no blanket prohibition. Turkish obligated entities should: screen all transactions against the current grey list, apply enhanced monitoring to customers from these jurisdictions, and document the additional due diligence measures applied. Turkey’s Own Grey List Status: Turkey was placed on the FATF grey list in October 2021. While significant progress has been made on the action plan, removal requires completion of all action items and a positive on-site assessment. For Turkish businesses, grey list status means: international correspondent banks apply enhanced due diligence to Turkey-related transactions, potential delays in international wire transfers, and increased compliance costs for Turkish entities with international operations.

PEP Screening: Politically Exposed Persons

MASAK requires enhanced due diligence for Politically Exposed Persons (PEP — Siyasi Nüfuz Sahibi Kişiler) and their family members and close associates. PEP categories under Turkish regulations: Foreign PEPs: Heads of state and government, senior politicians (ministers, parliamentarians), senior judicial or military officials, senior executives of state-owned enterprises, and senior officials of international organizations. Domestic PEPs: Turkish regulations extend PEP requirements to Turkish officials in equivalent positions. Family Members: Spouses, parents, children, siblings, and in-laws of PEPs. Close Associates: Business partners, beneficial owners of legal entities controlled by PEPs, and persons with close social connections. Enhanced Due Diligence Measures: Senior management approval for establishing/maintaining the relationship, enhanced source-of-wealth and source-of-funds verification, ongoing enhanced monitoring (more frequent transaction reviews, lower alert thresholds), and documentation of the rationale for maintaining the relationship. PEP status does not automatically disqualify someone from banking services or crypto exchange accounts — it triggers additional scrutiny and approval requirements. Practical challenge: PEP databases are not always complete or current. Turkish obligated entities should use multiple commercial PEP screening databases (World-Check, Dow Jones, Accuity) and supplement with open-source intelligence. For companies forming in Turkey with PEP shareholders or directors, the enhanced scrutiny applies from the initial account opening and continues throughout the relationship.

Beneficial Ownership Transparency: Turkey’s New Registry

Following FATF recommendations and Turkey’s action plan commitments, a comprehensive beneficial ownership (nihai yararlanan sahip — UBO) transparency framework has been implemented:

UBO Declaration Requirements: All legal entities registered in Turkey (AŞ, LTD, branches, foundations) must declare their beneficial owners — natural persons who: directly or indirectly own or control 25% or more of the entity’s shares or voting rights, exercise effective control over the entity through other means (board seats, management agreements, contractual rights), or are the natural person(s) on whose behalf a transaction or activity is being conducted. Registration Process: UBO declarations are filed with the Trade Registry as part of: initial company registration (for new entities), annual update (for existing entities), and within 30 days of any change in beneficial ownership. The information is accessible to: MASAK (full access for intelligence purposes), tax authorities (for transfer pricing and tax evasion investigations), law enforcement (through MASAK or direct court orders), and Trade Registry officials (for verification purposes). The registry is NOT publicly accessible (unlike some EU countries’ UBO registries) — access is restricted to competent authorities. Penalties for Non-Compliance: Failure to file UBO declaration: administrative fines. Filing false or misleading information: administrative fines plus potential criminal prosecution for fraud. For newly formed companies, UBO declaration is now integrated into the formation process — the MERSIS registration requires UBO information before completion.

Compliance Program Effectiveness: MASAK’s Evaluation Criteria

When MASAK conducts inspections, it evaluates not just the existence of a compliance program but its effectiveness — does the program actually prevent and detect money laundering? Key effectiveness indicators:

Risk Assessment Quality: Is the risk assessment comprehensive (covering customer, product, geographic, and channel risks)? Is it updated annually or when risk factors change? Does it reflect the entity’s actual business profile (not a generic template)? CDD Implementation: Sample testing of customer files: are identification documents complete and verified? Are beneficial owners identified for all corporate clients? Are risk ratings appropriate and consistently applied? Is enhanced due diligence documented for high-risk relationships? Transaction Monitoring: Are monitoring rules calibrated to the entity’s risk profile (not just default rules from a software vendor)? Alert investigation quality: are alerts investigated promptly, thoroughly, and with documented conclusions? Are false positive rates reasonable (too many false positives suggest poor calibration; too few suggest overly permissive rules)? STR Quality: Do filed STRs contain: sufficient detail for MASAK to pursue the lead, clear articulation of the suspicion indicators, relevant transaction data and customer information, and timely filing (within 10 business days)? Training: Are training records maintained? Is training content current (reflecting new typologies, regulatory changes)? Can front-line staff articulate their AML obligations when interviewed? Governance: Does the compliance officer have direct access to senior management/board? Are compliance reports presented to the board regularly? Is the compliance function adequately resourced (staff, technology, budget)? For entities seeking to demonstrate strong compliance culture — particularly crypto platforms applying for SPK licenses — MASAK inspection readiness is not just a regulatory obligation but a competitive advantage.

Real Estate Sector AML: Specific Requirements

Real estate agents, brokers, and developers are designated obligated entities under MASAK regulations, reflecting the sector’s vulnerability to money laundering. Specific requirements for the Turkish property market:

Customer Due Diligence: Identity verification for all parties in property transactions (buyers, sellers, and their representatives). For CBI property purchases, additional scrutiny applies: verify the source of the $400,000+ investment funds, confirm the buyer is not a PEP (or apply EDD if they are), and ensure the payment flows through the banking system (cash payments for CBI are not accepted). Suspicious Activity Indicators: MASAK has published specific indicators for the real estate sector: property purchased significantly above market value (potential laundering through inflated pricing), rapid successive sales at escalating prices (potential “chain” laundering), purchases through complex corporate structures where the beneficial owner is obscured, payments from third parties not involved in the transaction, and reluctance to use the banking system for payment. Reporting Obligations: Real estate professionals must file STRs with MASAK when any suspicious indicator is present — regardless of transaction value. Record keeping: all transaction documentation must be retained for 8 years. MASAK has increased inspections of real estate agents and developers in recent years, with particular focus on the CBI sector.

Contact Attorney Bilal Alyar at +90 545 199 25 25 or info@bilalalyar.av.tr for assistance with MASAK compliance program design, implementation, and inspection preparation.