Regulation by Financial Crimes Investigation Board on Crypto Assets
Under the Regulation (Amendment Regulation) on Amendment to the Regulation on Measures Regarding Prevention of Laundering Proceeds of Crime and Financing of Terrorism (Principal Regulation), published in the Official Gazette and entered into force on 1 May 2021:
- Crypto Asset Service Providers were added to the list of Obliged Parties in the Principal Regulation; and, thanks to that,
- the term “Crypto Asset Service Providers” was defined by a regulation for the first time in Turkey, following the introduction of Crypto Assets by a different regulation by the Central Bank (please refer to our post, dated 20 April 2021 on the CB Regulation).
1. Who Are the Crypto Asset Service Providers?
The term Crypto Asset Service Providers was defined in the Crypto Asset Service Providers Guide (Guide), published on 4 May 2021 at the website of Financial Crimes Investigation Board (FCIB, or MASAK in Turkish), although it has not yet been defined by a piece of legislation, such as, law, regulation, or communique.
Financial Action Task Force (FATF), of which Turkey is a member, acknowledges crypto assets as virtual assets. FATF also defines the virtual asset service providers. To FATF, virtual asset service providers are those (real and legal persons) who deal with the following:
- exchange between virtual assets and fiat currencies;
- exchange between virtual assets;
- transfer of virtual assets;
- custody and/or management of virtual assets or the derivatives/instruments enabling control over virtual assets; or,
- offer, sale, or issuance of virtual assets.
Guide took the purchase/sale of virtual assets from the above catalogue and define Crypto Asset Service Providers as “those (real and legal persons) who serve as intermediaries for the purchase and sale of crypto assets over electronic transaction platforms.”
Accordingly, pursuant to the Amendment Regulation, the companies that are called in practice “crypto(currencies) assets exchanges” (or any other real or legal persons who serve in the same capacity and for the same purpose) are considered as Obliged Parties under the Principal Regulation.
Crypto Asset Service Providers consist of the following:
- the Crypto Asset Service Providers headquartered in Turkey; and,
- branches, agencies, representatives, commercial agents, and similar affiliated units in Turkey of the Crypto Asset Service Providers headquartered abroad.
In our opinion, Crypto Asset Service Providers should be defined from a broader and an inclusive perspectives, along with crypto assets, by a law, instead of Guide or a regulation, as a result of collective efforts of the relevant private and public stakeholders, e.g., Capital Markets Board, Banking Regulation and Supervision Agency, Central Bank, and FCIB, under the leadership of the Ministry of Treasury and Finance.
2. What are the Liabilities of Crypto Asset Service Providers?
a. Know Your Customer
Crypto asset exchanges in Turkey, such as, BtcTurk, Paribu, and BinanceTR, have already been implementing at their discretion various Know Your Customer (KYC) controls for a while by, for example, demanding the photographs, screenshots of IDs or electric, water, natural gas bills of customers for the ID verification, and eventually, the registration purposes.
Under the Amendment Regulation, KYC becomes a liability for crypto asset service providers.
b. Liabilities Under the General Communiqué on Financial Crimes Investigation Board
Pursuant to the General Communiqué on Financial Crimes Investigation Board, prepared by the Ministry of Treasury and Finance and published in the Official Gazette, dated 30 April 2021, a day before the publication of the Amendment Regulation:
- it is not mandatory to take a sample of customers’ signature during the remote ID verification while the signature sample by hand must be taken if the transaction is later made with the customer face to face;
- address and identity information obtained from the customer for the ID verification must be confirmed by conducting queries on the ID sharing system database of the General Directorate of Population and Citizenship of the Ministry of Interior Affairs; and,
- a risk assessment must be made about the customer. In addition to the information and documents as instructed by the Principal Regulation; purpose and nature of the business relationship (the purpose of opening an account, the demanded products, etc.); source of assets and source of the customer’s funds within the transaction; the average income of the customer; and the estimated monthly transaction volume and the estimated number of transactions within the prospective account must be collected, as well, from the customer.
c. Suspicious Transaction Reporting
Suspicious transaction is the case where there is any information, suspicion, or reasonable grounds to suspect that the asset, which is subject to the transactions carried out or attempted to be carried out within or through the Obliged Parties, has been acquired through illegal ways or used for illegal purposes and is used for terrorist activities or by terrorist organizations, terrorists or those who finance terrorism.
In case of a suspicious transaction, the Obliged Party must fill out the Suspicious Transaction Reporting Form in the first place, based on the information and results upon its investigation to the extent of its authority and capability, and then report it to FCIB within ten days after the suspicion arose, or immediately if any delay may cause harm.
d. Providing Information and Documents
The Obliged Party must wholly and accurately provide upon request all kinds of information, documents, the related records on any platforms, all details and passwords enabling access to such or making them readable, to the FCIB officials.
e. Retaining and Submitting
The Obliged Party must retain (i) documents, (ii) books and records, (iii) ID verification documents on all kinds of platforms for eight years as of the dates of execution or issuance, the last entry, and the last transaction, respectively, and provide such with the officials upon request.
f. Permanent Reporting
For the transactions to which the Obliged Party is a party or serves as an intermediary, the Obliged Party must report to FCIB the transactions that are exceeding the amounts determined by the Ministry of Treasury and Finance.
3. Fines
If the Obliged Party’s failure of its KYC, Suspicious Transaction Reporting, or Permanent Reporting liabilities is confirmed as a result of an inspection, administrative fine per transaction is imposed on it by FCIB.
There is an upper limit for the total amount of fine(s) per liability within a calendar year.
The upper limit is doubled in the following calendar year if the Obliged Party repeats its failure of the same type of liability which is also the subject matter of a fine in the previous calendar year.
The amounts of administrative fines and the upper limits for the breaches of the liabilities occurred in 2021 are as follows:
Type of Liability | Administrative Fine for a Single Violation (TRY) | Upper Limit (TRY) |
Know Your Customer | 30,000 | 4,000,000 |
Suspicious Transaction Reporting | 50,000 | 4,000,000 |
Permanent Reporting | 30,000 | 4,000,000 |