MASAK Updates its Guideline on Enhanced Due Diligence: Key Regulatory Changes and Compliance Implications

1. Overview

In September 2025, the Financial Crimes Investigation Board (MASAK) published the updated version of the “Guidelines on Enhanced Due Diligence”. This document provides essential guidance for obliged parties in the field of anti-money laundering (AML) and the fight against terrorism financing (CFT). The update aims to align Turkish compliance requirements with international standards while at the same time clarifying practical obligations for financial institutions, businesses, and other obliged entities.

The revised version introduces significant changes and clarifications that are particularly relevant for companies with compliance obligations in Turkey.

2. Key Updates and Compliance-Recommendations

a) Special Regulations for Crypto Asset Service Providers (CASPs)

  • With the communiqué published in the Official Gazette on June 28, 2025, CASPs were brought under the scope of MASAK and made subject to new enhanced measures.
  • Additional obligations have been introduced in areas such as withdrawal/transfer restrictions for crypto asset withdrawal transactions, source verification, and systemic risk control.
  • Specific thresholds and time limitations (for example, mandatory waiting periods for withdrawals) have been included in the new regulation for electronic transfers and withdrawal transactions.
  • CASPs are obliged to realign their systems with MASAK’s compliance framework.

Compliance-Recommendation: CASPs should upgrade transaction monitoring tools and integrate risk-based approaches.

b) High-Risk Customers, Countries, and Transactions

  • The updated guideline clarifies the concepts of “high-risk customer” and “high-risk country”.
  • Transactions with such customers require enhanced due diligence (EDD).
  • Technological risks (remote onboarding, e-signature, etc.) are now explicitly regulated.
  • Risk assessment and control mechanisms in financial relationships with counterparties operating abroad have been tightened.

Compliance-Recommendation: Financial institutions should flag transactions with high-risk jurisdictions and escalate them to senior compliance officers.

c) Customer Identification & KYC Obligations

  • KYC requirements have been broadened.
  • Ultimate Beneficial Owners (UBOs) must be identified in more detail and verified with up-to-date documentation.
  • Transfer requests with incomplete or suspicious customer information must result in rejection or request for additional documents.

Compliance-Recommendation: Digital onboarding solutions should integrate advanced identity verification tools.

d) Regulations for Politically Exposed Persons (PEPs)

  • The guideline expands the definition of “politically exposed person (PEP)” and the scope of measures to be taken when establishing business relationships with them.
  • Business relationships with PEPs require top-level approval and additional monitoring measures.
  • Continuous, risk-oriented monitoring is mandatory.

Compliance-Recommendation: Institutions should frequently update PEP databases and implement multi-level approval for sensitive transactions.

3. Why is this update important?

  • The updated MASAK guide emphasizes the need to strengthen the risk-based approach, establishing clearer compliance standards for obliged entities such as banks, non-financial sectors, and crypto asset service providers (CASPs).
  • It reduces regulatory uncertainties and expands systematic obligations aimed at preventing sanction risks, including enhanced transaction monitoring, suspicious activity reporting, and customer update obligations.
  • The update largely eliminates ambiguities in the crypto industry, increasing the adaptation pressure on entities operating in this field.
  • Ultimately, the new MASAK guide envisions a more transparent, detailed, and risk-oriented compliance culture across all obliged parties — from financial institutions to crypto asset providers.

4. Conclusion

The updated MASAK guidelines highlight the increasing importance of compliance and risk management for businesses in Turkey. Companies that take proactive steps will not only avoid penalties and reputational damage but also strengthen the trust of partners and investors.



Author: Beril Duman Erdebil