Anti-Money Laundering Compliance in Turkish Republic

The Turkish Republic has made significant advancements in the establishment of anti-money laundering regulations as well as the mechanisms for detecting and countering them in recent years. In 1996, the first instance of money laundering that was prosecuted as a financial crime in Turkiye took place. Since becoming operative, relevant laws and regulatory control mechanisms have expanded in breadth, quality, and efficacy.

The governmental sector, as well as financial and non-financial organizations, are subject to several requirements in this regard. With the most recent modifications, its scope has been broadened to include offenses involving the illegal trade of drugs, the smuggling of weapons and artifacts, financing of terrorism, counterfeiting, and human trafficking.

These financial crimes mostly include the purchase of high-value items like gold, real estate, and expensive automobiles, as well as international money smuggling or bank transfers, and are usually classified as suspicious transactions.

Transaction records must be kept, along with laws on Know Your Customer (KYC) and Suspicious Activity Reporting (SAR) processes, according to Financial Crimes Investigation Board regulations. These rules apply to other non-bank financial entities, such as wealth management firms, in addition to banks, fintechs and insurance providers.

What is an AML compliance program?

A financial institution’s internal processes, user-processing guidelines, account monitoring, detection, and reporting of money laundering instances are all included in an Anti-Money Laundering (AML) compliance program. AML compliance programs are designed to identify, address, and prevent any money laundering or terrorism financing, and fraud concerns.

Businesses must adhere to several rules to build a solid AML compliance program that helps to reveal criminal persons and prevents them from incurring non-compliance costs.

Anti-Money Laundering Compliance Program in the Turkish Republic

The Turkish regulation of compliance programs regarding obligations for Laundering the Proceeds of Crime and Prevention of Financing of Terrorism (‘Compliance Regulation’) specifies the requirements for compliance programs in the Turkish Republic. Only the parties listed below are required by the Compliance Regulation to establish and maintain a risk-based AML compliance program.

  • Banks,
  • Capital markets intermediary institutions,
  • Financial technology (FinTech) companies,
  • Insurance and retirement plan companies,
  • Factoring, financing and Financial leasing companies,
  • Payment and e-wallet companies,
  • The General Directorate of the Post and Telegraph Organization (pertaining only to banking activities),
  • Crypto money trading platforms and service providers,
  • Exchange houses,

To the extent permitted by their local jurisdiction, each type of covered compelled parties’ agents, branches, commercial representatives, or similar affiliates situated overseas would likewise be subject to the AML compliance program requirement.

In addition to the listed Financial Institutions, below entities are required to report Suspicious Activities to identify and prevent financial crimes obtained from Trade-Based Money Laundering.

  • Freight Companies,
  • Precious metals, stone or jewelry traders,
  • Real Estate/Property traders,

Scope of AML Compliance Program

The following activities are included in the risk-based AML compliance program’s scope: i) developing corporate policies and procedures; (ii) performing risk management; (iii) performing monitoring and controlling; (iv) designating a compliance officer and establishing a compliance unit; (v) carrying out training activities; and (vi) performing internal control activities. Compliance officers are responsible for monitoring and supervising operations as well as risk management. Additionally, the board of directors of the obligated parties is required to carry out such activities.

Corporate Policies and Procedures

By assessing customers, transactions, and services of obliged parties using a risk-based approach, corporate policy is intended to: i) ensure that obliged parties comply with their obligations regarding the prevention of the financing of terrorism and the laundering of the proceeds of crime; (ii) establish controls and measures within the institution, and (iii) minimize risks to be exposed.

Written versions of the company’s policies and procedures must be created under the compliance officer’s supervision and guidance. The approval of company policy is required from the board of directors. The Financial Crimes Investigation Board (‘MASAK’) must receive business policies and any updates thereto, under the Compliance Regulation, from compliance officers.

Risk Management Activities

Obligated parties are expected to establish risk management procedures while taking into account the institution’s size, business volume, and transactional nature. The goal of the risk management policy is to recognize, rank, monitor, evaluate, and reduce any potential risks. Customer identification procedures specified in the applicable anti-money laundering law must be included at the very least in internal measures and operational guidelines for risk management policies.

Monitoring and Controlling Activities

Another necessity for parties under obligation is to carry out monitoring and regulating operations while taking the institution’s size, its business volume, and the nature of its transactions into account. The main goal of monitoring and controlling activities is to protect required parties from risks and to make sure that their actions are taken in compliance with AML and company policies and procedures.

Compliance Officer and Compliance Unit

According to Article 16 of the Compliance Regulation, obligated parties are required to appoint a compliance officer. Following notification from the required parties, MASAK determines whether the applicable compliance officer candidate fulfills the requirements outlined in the Compliance Regulation. If not, the required parties must appoint a new compliance officer who satisfies the requirements.

 Training Activities

Obligated parties are required to create a training policy that covers topics including how training activities will be carried out, who will be in charge of doing so, how workers and trainers will be selected to engage in training activities, and how training will be conducted in Money Laundering Reporting Officer (MLRO) staff. Implementing a training policy is done to guarantee that duties under Turkish Anti-Money Laundering (AML) law are met and to make MLRO staff more aware of their commitments.

Internal Control

Obligated parties are required to make sure that the transactions are carried out by AML laws and corporate policies and procedures. They must also ensure that risk management, monitoring, and controlling activities, sufficient and effective training activities, and risk policy are all carried out annually and according to a risk-based approach. Internal control operations are carried out by internal control units and supervisory boards of required parties, who then submit their results to the board of directors.


In light of the above-mentioned, institutions subject to the Anti-Money Laundering (AML) Act are required to set up and carry out risk-based compliance plans commensurate to the scope and scale of their operations. Administrative sanctions and harm to the institution’s image might result from failing to comply with the AML compliance program’s development and administration in Turkish Republic.