TURKEY Law and Practice Contributed by: Sera Somay, Merve Kurdak and Doğa Pınarlı Dedebaş, Paksoy
service providers and electronic money institutions, including the power to regulate fees, charges, and capital and safeguarding requirements. • CMB: The CMB regulates capital markets activi - ties, including capital market instruments, public offerings, capital market institutions and exchang - es. In the fintech context, the CMB is the compe - tent authority for crypto-assets and crypto-asset service providers, setting the principles governing their establishment, operation and activities. • Ministry of Treasury and Finance/MASAK: The Ministry of Treasury and Finance exercises cross- sectoral oversight, including in relation to taxation and financial policy. Through the Financial Crimes Investigation Board (MASAK), it regulates and supervises compliance with AML and CFT obliga - tions. Where regulatory responsibilities overlap, co-ordina - tion between authorities applies in practice. By way of example, banks intending to offer crypto-asset custo - dy services are required to obtain a favourable prelimi - nary opinion from the BRSA, and, where relevant, the licensing of payment and electronic money institutions may similarly involve the BRSA’s input. This approach ensures that fintech participants are overseen by the appropriate authority in line with the nature of their activities, while maintaining co-ordination across intersecting regulatory mandates. 2.7 No-Action Letters In Türkiye, regulators do not issue “no-action letters”. Regulatory authorities such as the CMB may issue principle decisions clarifying how existing legislation will be interpreted or applied in practice, as well as transaction-specific clearance letters. 2.8 Outsourcing of Regulated Functions In general, industry participants may outsource only non-core and ancillary functions, provided that such outsourcing does not prevent the entity from fulfilling its legal obligations, complying with applicable regula - tions or being effectively supervised. For instance, banks may not outsource board-level functions, internal control, credit assessment/deci - sion-making, financial reporting and deposit-taking; payment and e-money institutions may not outsource
core payment services or e-money issuance; and crypto-asset service providers may not outsource board-level functions, licensed crypto services and their marketing, accounting, financial reporting, inter - nal audit, internal control or risk management. Outsourcing does not transfer regulatory respon - sibility; the regulated entity remains fully liable to its customers. Written agreements are required for outsourced services, and their minimum content is defined by applicable legislation. Moreover, service providers remain subject to the competent authority’s audit and information requests. They must comply with confidentiality and data protection obligations and, where relevant, duly report to the competent regulator in accordance with applicable procedures. 2.9 Gatekeeper Liability Under Turkish law, there is no formally defined or designated “gatekeeper” concept comparable to the approach taken in the EU. That said, financial entities such as banks, non-bank card issuers, financing and factoring companies, payment and electronic money institutions, and crypto-asset service providers are classified as “obligors” under Turkish AML legislation and are subject to a broad set of obligations such as customer due diligence and know-your-customer (KYC) requirements, transaction monitoring, estab - lishment of internal compliance programmes, record- keeping and suspicious transaction reporting. 2.10 Significant Enforcement Actions Regulatory authorities in Türkiye have broad and robust enforcement powers across the main fintech verticals, exercised within the limits of their respective legislation. For banks and other institutions subject to the supervision and oversight of the BRSA, the BRSA may impose significant administrative fines, order cor - rective and restrictive measures, revoke licences and pursue criminal sanctions for serious breaches. Pay - ment service providers and electronic money institu - tions are subject to similar enforcement by the CBRT, including administrative fines, temporary suspension or revocation of licences, and criminal liability for unauthorised activity or obstruction of supervision. Crypto-asset service providers fall within the CMB’s enforcement jurisdiction, and breaches such as the unauthorised provision of crypto-asset services or the
886 CHAMBERS.COM
Powered by FlippingBook