Review of “Kripto Varlık Hizmet Sağlayıcılar Rehberi” (The Guide on Crypto Asset Service Providers) in 7 points

According to the sub-paragraph (ü) added by the Regulation amendment published on May 1, 2021, published on the Official Gazette No. 31471, “crypto asset service providers” are deemed liable in the scope of the Law Regarding the Prevention of Laundering of Crime Revenues No. 5549.

Legal Department of Paribu

As the leading crypto asset transaction platform of Turkey, we publish this text explaining the requirements and proposing recommendations below in order to elucidate the changes in the industries and actions to be taken.

  1. What does “liable” mean?

The professionals who are active in the industries listed in the Law Regarding the Prevention of Laundering of Crime Revenues No. 5549 Article 2 Clause 1 are considered “liable”.

Pursuant to the regulation related to making amendments published based on the Presidential Decree No. 3941 enforced and published in the Official Gazette on May 01, 2021, Crypto asset Service Providers are considered liable.

  1. What is the service provider of crypto assets?

The term “Crypto Asset Service Providers” is not defined in the relevant legislation.

However, the definition of crypto assets included in the Regulation on the Use of Crypto assets in Payments issued by the Central Bank of the Republic of Turkey that reads “they are intangible assets created virtually by utilizing distributed ledger or a similar technology and distributed via digital networks, however, which are not defined as fiat money, deposit, electronic money, payment tool, security or any other capital market instrument” is taken as the starting point.

In the text titled “the main principles for crypto asset service providers” published on May 4, 2021, “crypto asset service providers” are defined as “the providers functioning as intermediaries in the trading of crypto assets through electronic transaction platforms”.

As it is seen, the crypto asset platforms, where Paribu Teknoloji A.Ş. also active is and which are colloquially called “cryptocurrency market”, are in the scope of crypto asset service providers. Yet, cryptocurrency service providers are not limited to crypto asset platforms.

At this point, which works and transactions are included in the crypto asset service provider must be determined clearly. Because this matter constitutes the basis for the “identification” procedures, which are missing in the legislation.

The concept of crypto asset service provider bears a resemblance to the concept of VASP (Virtual Asset Service Providers) defined by FATF (Financial Action Task Force). When we take the concept of VASP as the starting point, it includes all organizations providing exchange between crypto assets and fiat assets, exchange of crypto assets with each other, crypto asset transfer, storage or management of crypto assets or the tools used to control on crypto assets, export, bidding or sale of cryptocurrencies in addition to crypto asset platforms.

Crypto asset service provider is a vast concept including crypto asset platforms as well.

  1. What are the obligations stipulated?

It would be good to know the liabilities imposed on crypto asset service providers with all the relevant details. Because all the liabilities defined by the Law Regarding the Prevention of Laundering of Crime Revenues No. 5549 and secondary legislations do not bind crypto asset service providers. Accordingly, these are the liabilities imposed:

  • Liability to Know Your Customer (KYC)
  • Liability to Report Suspicious Transactions
  • Liability to Provide Continuous Information
  • Liability to Provide Information and Documentation
  • Liability to Keep and Submit
  1. What is the liability to identify?

The liability to know your customer appears in the form of “the liability to identify”. The liability to identify should be dealt with specifically in the context of crypto asset platforms, and it would be more elucidative if we distinguish it from the liability to identify regarding other crypto asset service providers and if we examine it separately.

However, what needs to be first touched on here is the concept of “continuous business relationship“.

Since the crypto asset platforms, the field where Paribu Teknoloji AŞ operate as well, have to enter into a contract with the users before providing service to them and subsequent transactions can be executed in the scope of this new membership pursuant to this contract, the business relationship in question falls under the category of a continuous business relationship, and therefore, the liability of obligation must be fulfilled regardless of the relevant sum while entering into such a contract.


The relationship between crypto asset platforms and the user is a continuous business relationship. It is for this reason that crypto asset platforms have to identify all their users regardless of the relevant sum to fulfil the liability to know your customer.

  1. What kind of information will be asked from real persons?

During the identification for crypto asset platforms, the user’s name, surname, place of birth, date of birth, nationality, type of ID, ID number, address, job and occupation information, telephone number (if any), e-mail address (if any) and if the user is a Turkish citizen mother’s name, father’s name and Turkish Republic ID number need to be obtained.

  1. How will the liability to obtain the signature required for identification be fulfilled in practice?

The liability to identify also includes the condition of obtaining user’s signature. However, it is not possible to obtain the signature of every user by crypto asset platforms.

“The Liable Parties Performing Their Operations Exclusively in Electronic Environment” were stipulated on the Financial Crimes Investigation Board Serial No. 5 General Communiqué Article 2.2.10 and the liability to obtain users’ sample signatures is nullified on the conditions that they meet all the conditions set forth by this article. The conditions in question are listed below:

  • It is obliged to have entered into a contract allowing the execution of receipt and payment transactions regarding the offered goods or service in an electronic environment with a bank located in Turkey,
  • to have the identification information obtained by the membership application submitted in an electronic environment by the user confirmed by interrogating the General Directorate of Civil Registration and Citizenship,
  • to execute all receipts and payments through a bank in consistence with the identity details of the individual whose membership is accepted after the verification of his identity details.

The crypto asset platforms meeting all the conditions mentioned above and stipulated in Article 2.2.10 of the communiqué included in this article, shall have the right to exercise “Simplified Measures”. “Simplified Measures” are limited to these:

  • Liability to identify
  • Liability to identify for the individual acting on behalf of someone else
  • Liability to know the real beneficiary
  • Liability to monitor the status and transactions of the customer

The crypto asset platforms meeting all the criteria to take simplified measures will not have to identify the customer for every subsequent transaction.

  1. Can the business relationship be maintained in case the identification fails?

The topics of the business relationship and denying a transaction are stipulated by Article 22 of the Communique on Measures.

  • In cases where identification fails or where there is a lack of information about the purpose of the business relationship, the crypto asset platforms do not establish a business relationship and do not perform the demanded transaction. Therefore, no account can be opened anonymously or with a fictitious name.
  • If the identification and identity verification fails due to the doubt whether the user’s identity details obtained before are accurate and sufficient, the business relationship is terminated.

Pursuant to this regulation, crypto asset platforms must review the identity details of the users whose accounts had been opened before this obligation was imposed and must terminate their business relationships with the accounts which do not meet the conditions mentioned above immediately and close these user accounts.

With this endeavor aimed at offering a guide for industry stakeholders for quick adaptation, we tried to eliminate the confusion regarding the liability to identify and to elucidate the matter.

As a consequence of the goal to overcome the adaptation problems which may arise in practice, these should be kept in mind:

  • Crypto asset platforms have to identify all users without any monetary limit applied due to being in a continuous transaction relationship with them.
  • In case they meet the conditions, the provisions of the simplified measures are applied so that they do not have to obtain identification at every subsequent transaction, and they do not have to obtain the signatures of the users to open a user account.
  • From now on, differentiation confirmed/unconfirmed account will be needed in opening user accounts, and they are obliged to obtain identity details of the same level from all users.
  • Should the identity details of the existent users are insufficient or should there be doubts about its accuracy, they have to eliminate this deficiency urgently, otherwise they have to close the accounts by terminating the business relationship.
  • Apart from the liability to identify, they have to abide by the liability to report suspicious transactions, liability to provide continuous information, liability to provide information and documentation and liability to keep and submit as well.


Bu içerik en son 26 October 2022 tarihinde güncellenmiştir.


Türkiye’nin alanında öncü teknoloji şirketi ve lider kripto para işlem platformu.