ARTICLE
24 March 2025

Secondary Regulations On Crypto Asset Service Providers Published

Sadık & Çapan

Contributor

Sadık & Çapan logo
Sadık & Çapan is an independent and a boutique law firm based in Istanbul, Turkey. With its experienced team, Sadık & Çapan provides legal advisory services to local and foreign corporations and banks, public companies, investment funds, brokerage firms, asset management companies, venture capital companies, individuals and start-ups, in the fields of banking and finance, securities and capital markets, corporate, commercial and employment laws. Our firm is highly qualified and skilled in advising public companies in their daily operations particularly about their regulatory filings, corporate governance activities, reporting and disclosure requirements and various securities offerings including IPOs, cross-border and domestic debt and equity offerings (DCM and ECM deals) involving Reg S/144A issuances, Sukuk transactions and also, highly specialized in different types of loan and security transactions, alternative financing models and financial and regulatory compliance matters.
Explore Firm Details
In the Official Gazette dated 2 July 2024 and numbered 32590, the Law on Amendments to the Capital Markets Law No. 7518 introduced additions concerning crypto assets to various articles of the Capital Markets Law No. 6362.
Turkey Technology
Nazlı Tönük Çapan and Seda Köprülü
Your Author LinkedIn Connections

In the Official Gazette dated 2 July 2024 and numbered 32590, the Law on Amendments to the Capital Markets Law No. 7518 introduced additions concerning crypto assets to various articles of the Capital Markets Law No. 6362 (the "CML"). Essentially, crypto asset service providers (the "CASPs") operating or intending to operate in Türkiye were brought under the scope of the CML, thus subjecting them to the regulatory and supervisory authority of the Capital Markets Board of Türkiye (the "CMB"). Following this, the CMB published the Principle Decision No. i- SPK.35.B (dated 8 August 2024, and numbered 42/1259) (the "Principle Decision I") in its bulletin No. 2024/38 dated 8 August 2024, and the Principle Decision No. i-SPK.35.B.1 (dated 19 September 2024 and numbered 1484) (the "Principle Decision II") in its bulletin No. 2024/48 dated 19 September 2024. These principle decisions set forth general principles regarding the crypto asset ecosystem, and it was anticipated that the secondary regulations pursuant to the CML would be published at the beginning of 2025.

In light of these developments, the awaited secondary regulations were published in the Official Gazette dated 13 March 2025 and numbered 32840, following the amendments made to the CML back in July 2024. The Communiqué on the Establishment and Operating Principles of Crypto Asset Service Providers No. III-35/B.1 (the "Communiqué No. III-35/B.1"), the Communiqué on the Operating Procedures and Capital Adequacy of Crypto Asset Service Providers No. III-35/B.2 (the "Communiqué No. III-35/B.2"), and the Communiqué on the Procedures and Principles Regarding the Management of Information Systems No. VII-128.10 (the "Communiqué No. VII- 128.10") were published by the CMB. These secondary regulations set forth the procedures and principles regarding the operations of CASPs, their founders and shareholders, share transfers, managers and personnel, organizational structures, internal audit, internal control and risk management systems, information systems and technological infrastructures, document recording systems, independent audits, services and activities they may provide, reserve proof audits, and share capital adequacy requirements. These secondary regulations establish the principles governing CASPs and their operations with a parallel scope and level of detail comparable to the regulatory framework applied to investment institutions under the CMB's regulations.

1.Regulations Introduced by the Communiqué No. III-35/B.1

1.1. Principles on the Establishment and Operating License of CASPs

Communiqué No. III-35/B.1 sets out the following requirements for the establishment of CASPs. Accordingly, CASPs should:

  1. be established as joint stock companies;
  2. have their shares registered and issued against cash;
  3. have their entire share capital paid in cash;
  4. have an initial share capital that complies with CMB regulations, ensuring that their equity capital is not less than their share capital;
  5. ensure that their articles of association comply with the CML and relevant regulations and that their business activities are exclusively limited to those authorized by the CMB;
  6. have a transparent and explicit shareholding structure; and
  7. have founders who fulfill the requirements set forth in the CML and relevant regulations.

According to Communiqué No. III-35/B.1, in addition to the aforementioned establishment requirements, CASPs engaged in crypto asset trading should include the phrase "crypto asset trading platform" in their trade names, while those providing crypto asset custody services should include the phrase "crypto asset custody institution" in their trade names.

In this framework, CASPs meeting the specified establishment requirements should apply to the CMB for an establishment permit. Following the granting of the establishment permit by the CMB, an application for an operating license should be submitted within six months. Failure to apply within this period will result in the loss of the right to apply for an operating license. CASPs applying for an operating license should meet the following requirements:

  1. the establishment conditions should not have been lost;
  2. the minimum share capital should have been fully paid in cash;
  3. the obligations stipulated in the CMB regulations regarding share capital adequacy for CASPs should be fulfilled;
  4. the organization structure required under Communiqué No. III-35/B.1 should be established, and the requirements regarding CASP personnel, as well as the general manager and their deputies, should be met;
  5. the security infrastructure should comply with the criteria set by the Scientific and Technological Research Council of Türkiye ("TÜBİTAK"), and units, systems, and functions related to internal audit, control, and risk management should be established in accordance with the relevant regulations;
  6. The infrastructure for storing private keys should be established in compliance with the principles set forth in Communiqué No. III-35/B.2, ensuring security and integration with distributed ledger networks; and
  7. The required technical and system integration tests with the Central Securities Depository ("CSD") should be completed.

In addition to the aforementioned requirements for obtaining an operating license, specific requirements have been introduced for CASPs engaged in crypto asset trading, initial sales or distribution, clearing, transfers, custody, and other designated transactions ("Platform"). These requirements are as follows:

  1. an agreement should be signed with at least one institution authorized by the CMB as a crypto asset custody institution, setting forth the rights and responsibilities of the parties, defining the process for information exchange necessary for fulfilling these duties, and ensuring the required technical processes and integrations within the framework of the reconciliation system;
  2. a bank account should be opened for customer funds;
  3. internal mechanisms should be established to ensure effective resolution of customer complaints and disputes, along with related procedures; and
  4. a price monitoring system along with related procedures should be established.

For banks applying for an operating license to provide crypto asset custody services, the general operating license requirements outlined above, such as maintaining the establishment requirements, fully paying the minimum share capital in cash, and meeting the conditions for general managers and their deputies under Communiqué No. III-35/B.1 are not required. Furthermore, for the CMB to evaluate applications submitted by banks for crypto asset custody services, a preliminary approval from the Banking Regulation and Supervision Agency ("BRSA") will be required.

1.2. Principles on Founders and Shareholders

Communiqué No. III-35/B.1 regulates the qualifications required for the founders and shareholders of CASPs, which are listed below. Accordingly, the founders and shareholders of CASPs:

  1. should not be declared bankrupt, should not have applied for concordat, should not have had a restructuring application approved through settlement, or should not have been subject to a postponement of bankruptcy decision under the Enforcement and Bankruptcy Law No. 2004 or under other relevant legislation;
  2. should not own 10% (ten percent) or more of the shares, either directly or indirectly, or have control in financial institutions that have been subject to liquidation, except for voluntary liquidation, or whose operating licenses have been revoked as specified in the relevant article of Communiqué No. III-35/B.1;
  3. should not have committed the offenses specified in the relevant article of Communiqué No. III-35/B.1 (e.g., bribery, theft, fraud, forgery, breach of trust);
  4. should not be subject to a trading ban under the CML;
  5. should not have been among those responsible for incidents leading to the revocation of an institution's operating license by the CMB;
  6. should not have received administrative fines for market disruptive actions; and
  7. should have the necessary financial strength, integrity, and reputation required for conducting business.

1.3 Principles on the Personnel and Managers of CASPs

Communiqué No. III-35/B.1 sets out the qualifications required for the personnel and managers of CASPs, as well as regulations pertaining to the composition of the board of directors. Within the scope of

Communiqué No. III-35/B.1, the term "manager" includes members of the board of directors, general manager, deputy general managers, managers at all levels overseeing units where personnel operate, and personnel working in positions between the manager and employees in such units (such as assistant managers, supervisors, directors, and similar roles).Accordingly, personnel and managers should meet all the conditions related to the founders and shareholders as specified in Article 6 of Communiqué No. III-35/B.1, except for the financial strength requirement. Unless otherwise specified, personnel and managers should hold a four-year undergraduate degree.

However, it has been regulated that an associate degree (i.e., two-year degree) is sufficient for operational personnel who do not manage reconciliation processes, as well as personnel responsible for system management, software development, testing/quality control, database management, and related IT support services.

In addition to the aforementioned requirements, additional conditions apply to the general manager and deputy general managers. Accordingly, the general manager and deputy general managers of CASPs should have at least seven years of professional experience in financial markets, information technology, financial technologies, or IT related fields and should possess the integrity and reputation required for the position. Their appointments require prior approval from the CMB. Additionally, the general manager should be exclusively employed for this role, residing in Türkiye, and appointed on a full-time basis. The general manager of a CASP may also serve as a member of the board of directors.

For banks providing crypto asset custody services, the aforementioned conditions do not apply to their general manager and deputy general managers. However, the relevant unit managers and personnel should meet the qualification requirements set for CASP personnel.

The board of directors of CASPs should consist of at least three members, with the majority holding a four-year undergraduate degree. Additionally, members of the board of directors, real persons representing legal entity board members, and individuals authorized to represent the CASP without being board members should meet the conditions set forth in Article 6 of Communiqué No. III-35/B.1 regarding founders and shareholders, except for the financial strength requirement, as summarized in Article 1.2 of this text.

1.4. Principles on Various Obligations of CASPs

The Communiqué No. III-35/B.1 introduces various obligations for CASPs. Among these, the provisions concerning changes in shareholding structure should be carefully taken into consideration. Accordingly, in CASPs, obtaining shares that directly or indirectly represent 10% (ten percent) or more of the share capital or voting rights of a CASP, or transactions resulting in a shareholder's ownership exceeding 10% (ten percent), 20% (twenty percent), 33% (thirty three percent), or 50% (fifty percent) of the share capital or voting rights, as well as transactions causing a shareholder's ownership to fall below these thresholds, are subject to the approval of the CMB. Additionally, transfers of privileged shares that grant representation on the board of directors or shares bearing usufruct rights, regardless of the percentage, are also subject to CMB approval. Share transfers carried out without obtaining approval from the CMB will be deemed invalid. However, share transfers that fall outside the aforementioned thresholds do not require prior approval but should be notified to the CMB within ten business days following the transaction. For banks providing crypto asset custody services, changes in shareholding structures that require approval from the BRSA are not subject to CMB approval under the framework mentioned above. However, such changes should still be notified to the CMB within ten business days. Furthermore, if a change in a bank's shareholding structure results in an indirect change in the shareholding structure of a CASP that is a subsidiary of the bank, this change should also be notified to the CMB within ten business days following the BRSA's approval.

One of the other significant obligations introduced for CASPs under Communiqué No. III - 35/B.1 concerns the companies in which they are permitted to invest/participate. CASPs may acquire shares in capital markets institutions, exchanges, precious metal brokerage firms, insurance companies, private pension companies, financial leasing, factoring, financing, savings financing, and asset management companies, as well as other financial institutions deemed appropriate by the CMB, without any limitations. However, CASPs should not acquire shares in companies where they hold more than 10% (ten percent) of the paid-in capital or where their executives individually or collectively own more than 25% (twenty five percent) of the share capital. Furthermore, the total participation of CASPs in companies other than those mentioned above should not exceed 25% (twenty five percent) of their equity capital.

Another significant obligation outlined in Communiqué No. III-35/B.1 concerns advertising and promotional activities. In line with the provisions of Principle Decision II, CASPs should ensure that any publication, announcement, advertisement, or promotional content regarding their services, distributed through written, visual, or electronic communication channels (including press, internet, radio, television, cinema, outdoor advertisements, and printed materials), is objective. They should not include misleading or false information, nor should they exploit customers' lack of experience. Moreover, unless explicitly permitted by legislation, CASPs should not provide absolute return guarantees or assurances against losses.

Additionally, CASPs are required to establish necessary units in compliance with Communiqué No. III-35/B.1 and other relevant regulations. These units should be structured to align with the scope and nature of their operations and be capable of responding to changing conditions effectively and efficiently. Examples include the establishment of internal audit, internal control, and risk management units. Furthermore, similar to the regulations applicable to investment institutions, CASPs should implement various policies, including; conflict of interest policy, ensuring fair and honest treatment of customers while maintaining market integrity, personnel policy, order execution policy and cash and crypto asset transfer policy.

1.5. Fundamental Principles on the Activities of CASPs

CASPs should conduct their activities in compliance with the general principles and rules set forth in Article 24 of Communiqué No. III-39.1 on the Principles Regarding the Establishment and Activities of Investment Institutions. Additionally, they should become members of the Turkish Capital Markets Association (TSPB) and operate in accordance with the CMB regulations to prevent the disruption of their critical activities.

Under Communiqué No. III-35/B.1, before engaging in transactions with customers, CASPs should enter into an agreement in writing or remotely through electronic communication tools, whether distance-based or not, using a method that the CMB recognizes as a valid substitute for a written agreement. They should also present a framework agreement along with a risk disclosure form containing minimum elements specified by the CMB. If the framework agreement is executed electronically, the customer's identity should be verified in compliance with the CMB's remote identity verification regulations before the agreement is executed.

A regulation parallel to the Principle Decision II has been introduced regarding the receipt of customer orders. Accordingly, CASPs should only accept customer orders via their official website or mobile application or through authorized operational personnel.

In order to ensure transparency, CASPs should establish a Public Disclosure Platform page. On this page and their website, they should provide trade registry information, their current shareholding and management structure, contact details including phone number, corporate address, and email address, activity reports, and details of the services they are authorized to provide.

Along with the regulations governing their activities, CASPs are also subject to prohibitions outlined in Communiqué No. III-35/B.1. Accordingly, CASPs should not engage in agricultural or industrial activities outside those permitted by the CMB, issue financial instruments that entail monetary commitments except in cases allowed by the legislation, conduct commercial real estate trading, accept deposits or participation funds, or carry out foreign exchange trading as part of commercial activities.

1.6. Principles on the Outsourcing of Services by CASPs

Communiqué No. III-35/B.1 introduces detailed regulations and significant limitations regarding outsourcing. Primarily, for outsourcing activities to be conducted, an agreement that meets the minimum requirements outlined in Communiqué No. III-35/B.1 should be executed. CASPs should not outsource activities that are exclusively required to be performed by the board of directors, the accounting and preparation of financial reports, activities related to internal audit, internal control, and risk management systems, as well as services and activities that require authorization from the CMB for their provision and marketing.

Services that are not directly involved in the provision of activities covered by the Communiqué No. III-35/B.1, including consultancy, training, advertising, security, catering, transportation, cleaning, legal services, legal consultancy, market data services, postal and courier services, the procurement, maintenance, repair, and updating of any technical equipment, fixtures, software, or hardware necessary for the internal daily operations of the institution, and archiving services, provided that customer information confidentiality is maintained, as well as similar other services, should not be considered within the scope of outsourcing.

1.7. Principles on the Transition Process

Platforms currently listed on the CMB's active entities list should apply for an operating license under Communiqué No. III-35/B.1 no later than 30 June 2025 and obtain an operating license by 30 June 2026. As part of the operating license application, a reserve proof report covering two different dates within the last two months preceding the application should be submitted, along with an independent audit report on information systems by 30 September 2025. Independent audits related to information systems beyond these initial requirements will first be conducted for the year 2026.

Entities that fail to apply for an operating license by 30 June 2025, and do not obtain an operating license by 30 June 2026, will be subject to the liquidation provisions outlined in the Communiqué No. III-35/B.1. Crypto asset custody providers listed on the CMB's active entities list that had applied before the publication date of the Communiqué No. III-35/B.1 should submit their operating license applications by 30 June 2025.

Framework agreements executed between customers and Platforms before the publication of the Communiqué No. III-35/B.1 should be renewed in compliance with the provisions of the aforementioned Communiqué by 31 December 2025.

2.Regulations Introduced by Communiqué No. III-35/B.2

2.1. Principles on the Capital Adequacy of CASPs

Communiqué No. III-35/B.2 introduces significant regulations regarding the minimum share capital and equity adequacy requirements for CASPs. Accordingly, the initial share capital requirement for Platforms should be 150,000,000 (one hundred fifty million) Turkish Liras, while the minimum initial share capital for crypto asset custody providers should be 500,000,000 (five hundred million) Turkish Liras. In Principle Decision I, the initial share capital requirement for Platforms was set at 50,000,000 (fifty million) Turkish Liras; therefore, the Communiqué No. III-35/B.2 imposes a higher minimum share capital requirement to ensure that financially stronger entities participate in the market.

For all CASPs, equity capital should not be lower than the initial share capital. In this regard, as of the sixth month of each year, at least 25% (twenty five percent) of the equity capital should consist of paid-in or issued capital. Additionally, the equity capital of Platforms should not fall below their liquid reserve requirement specified in Article 41 of Communiqué III-35/B.2 and as noted in Section 2.6 of this text.

A separate regulation has been introduced regarding the equity adequacy of crypto asset custody providers. Accordingly, if the total value of customer assets under custody exceeds 1,000,000,000 (one billion) Turkish Liras, the custody provider should hold an additional amount of equity capital equivalent to 1.5% (one and a half percent) of the portion exceeding one billion Turkish Liras. However, if customer assets do not exceed 1,000,000,000 (one billion) Turkish Liras, or if the equity capital is at least 1,500,000,000 (one billion five hundred million) Turkish Liras, no additional equity capital will be required.

2.2. Principles on the Services and Activities of CASPs

Under the Communiqué No. III-35/B.2, the services and activities that CASPs may provide are listed as follows:

  1. receiving and executing orders related to crypto assets, clearing and settlement, transferring crypto assets, and providing the necessary custody services;
  2. acting as an intermediary for the initial sale or distribution of crypto assets;
  3. custody, management, or other custody services determined by the CMB for crypto assets or their private keys;
  4. providing investment advisory services related to crypto assets; and/or
  5. other services and activities to be determined by the CMB.

Each of the services and activities listed above should only be carried out as a regular engagement, commercial activity, or professional activity after obtaining a specific license from the CMB. However, in line with the previously issued Principle Decision II, CASPs may also engage in services related to non-fungible and unique digital assets (i.e., NFTs) that represent and record ownership of digital assets, as well as digital assets used exclusively for creating or obtaining various elements within virtual games. CASPs may also conduct financial analysis and provide general recommendations related to crypto assets. For the services mentioned in this paragraph, CASPs are only required to notify the CMB.

Certain restrictions have been introduced regarding investment advisory activities provided by Platforms. Accordingly, investment advisory services may only be offered to customers whose crypto asset holdings on the relevant Platform have a current value of at least 50,000,000 (fifty million) Turkish Liras. This means that investment advisory services are limited to the so-called more qualified investors. Additionally, Platforms are prohibited from offering crypto asset portfolio management services. In other words, Platforms are not allowed to manage customer portfolios on behalf of each customer, either as a trustee or in a manner that results in direct or indirect financial benefit, nor are they permitted to manage portfolios based solely on verbal authorization from the customer.

2.3. Principles on Platform Activities

Under the Communiqué No. III-35/B.2, "Platform activities" refer to the processes carried out by Platforms, including receiving customer orders related to crypto assets, executing and matching orders either by pairing them or acting as the counterparty, clearing and settlement, initial sale or distribution, transfer, custody of these assets, and other transactions that may be determined. While conducting Platform activities, Platforms should execute customer orders in accordance with their order execution policy and the principles set forth in the framework agreement signed with the customer. Additionally, customers' cash receivables should be transferred to the relevant bank on the same day the customer submits the request. Another fundamental requirement for Platforms concerns the handling of customer funds and crypto assets. Accordingly, Platforms are required to keep customer cash and crypto assets separate from their own accounts.

Crypto assets listed on Platforms cannot be subject to leveraged trading, nor can they be subject to derivative contracts, margin trading, short selling, or securities lending transactions in accordance with the CMB's margin trading regulations.

Furthermore, Platforms are prohibited from using customer accounts as collateral for credit transactions, placing any encumbrance, pledge, or similar restriction on them for their own benefit.

2.4. Principles on the Activities of Foreign CASPs

As per the Communiqué No. III-35/B.2, services obtained by Türkiye-based individuals from CASPs based abroad are excluded from the scope of the Communiqué, as long as such CASPs do not engage in promotional, advertising, or marketing activities targeted at Türkiye-based individuals and that such services are obtained entirely at the individual's own initiative (i.e., on a reverse inquiry basis). This regulation aligns with the CMB's framework for investment institutions and thus permits services to be provided under the reverse-solicitation model, which is well recognized in financial markets.

However, if a CASP based abroad establishes an office or shows physical presence in Türkiye, launches a website in Turkish or directly or indirectly engages in promotional or marketing activities targeted to Türkiye-based individuals or institutions, such activities will be considered as services directed at Türkiye-based individuals. In this case, the relevant CMB regulations will apply to the CASP based abroad.

2.5. Principles for Listing Crypto Assets and Eligible Crypto Assets

Under the Communiqué No. III-35/B.2, the listing of crypto assets will be carried out by a listing committee established within the Platform. This committee should consist of at least three members, appointed by the board of directors of the Platform. At least one member of the listing committee should also be a board member of the Platform, and the majority of the committee members should have at least seven years of experience in finance, law, information technology, cybersecurity, or distributed ledger technology.

The listing committee is responsible for monitoring crypto assets that are listed or delisted within the Platform in accordance with Communiqué No. III-35/B.2. The committee should prepare a listing evaluation report to determine whether a crypto asset is eligible for listing or whether an already listed crypto asset should be delisted. The listing and delisting of crypto assets will be carried out based on the conclusions of these evaluation reports.

The Communiqué also emphasizes that crypto assets eligible for listing should be capable of being securely held by crypto asset custody service providers. It further outlines the essential criteria that should be met for a crypto asset to qualify for listing.

2.6. Principles on Crypto Asset Custody Services

The Communiqué No. III-35/B.2 defines crypto asset custody services as the storage, management, or other custody services determined by the CMB, concerning crypto assets or their private keys that Platform customers do not prefer to store in their own wallets. The Communiqué mandates that Platforms enter into an agreement with crypto asset custody service providers. Platforms are required to segregate customer-owned crypto assets from their own assets by holding them in accounts opened with crypto asset custody service providers on behalf of customers. Additionally, the Communiqué allows customers to enter into direct agreements with crypto asset custody providers and open accounts independently.

As first introduced in the Principle Decision II, and now incorporated into the secondary regulations, the principle of keeping customer assets in customer-controlled wallets has been formally established. It is stipulated that at least 95% (ninety five percent) of customer-owned crypto assets, which are not stored in customer-controlled wallets, should be held within crypto asset custody providers in accordance with the provisions set forth in the Communiqué No. III- 35/B.2. The remaining maximum 5% (five percent) of such assets may be stored in wallets held by the Platform, subject to compliance with the requirements specified in the Communiqué No. III- 35/B.2. In any case, the ratio of customer crypto assets that can be stored in wallets of Platforms during the day should not exceed 10% (ten percent). Furthermore, Platforms are required to maintain a liquidity reserve equivalent to at least 3% (three percent) of the customer assets held within the Platform.

The Communiqué provides detailed regulations concerning wallet technologies and sets out the criteria and operational standards that crypto asset custody providers should adhere to when delivering their custody services. It further requires that a written procedure governing these services be adopted through a board resolution and that this procedure be reviewed and updated at least once per year.

2.7. Principles on Integration with CSD

Platforms and crypto asset custody providers are required to integrate with the CSD regarding customer crypto asset balance information that is not recorded on the distributed ledger but instead exists within the Platform's trading system, transaction ledger, order book, and accounting system.

In addition, Platforms and custody providers are obligated to report to the CSD in accordance with guidelines established by the CSD and approved by the CMB.

2.8. Principles on the Financial Reporting Obligations of CASPs

It has been regulated that the principles, procedures, and rules attributed to entities specified in Article 4 of the Communiqué on Principles of Financial Reporting in Capital Markets No. II- 14.1 shall apply to the financial reports prepared by CASPs, as well as to the preparation and disclosure of such reports to relevant parties. As per the aforementioned Communiqué, CASPs are required to prepare interim financial reports in addition to their annual financial reporting obligation.

2.9. Principles on the Transition Process

Platforms that are listed on the CMB's list of active entities and those that have applied to the CMB before 13 March 2025, are required to align their custody infrastructure with the regulations established for custody services by 30 June 2025. Additionally, Platforms should comply with the share capital and equity adequacy requirements as of the date they apply to the CMB for an operating license, while compliance with other provisions should be ensured by 30 June 2025.

3.Regulations on Management and Audit of Information Systems

With the enactment of the Communiqué No. VII-128.10, CASPs have been included among the entities subject to the CMB's regulations on information systems management, making them responsible for compliance with the relevant procedures and principles.

Under Communiqué No. III-35/B.1, within the framework of the CMB's independent audit regulations on information systems, CASPs are required to enter into an agreement with an entity listed on the CMB's authorized independent auditors list for conducting independent audits on their information systems at least once a year and submit the audit reports to the CMB. Additionally, CASPs, and banks exclusively limited to providing crypto asset custody services, should conduct an independent audit once a year to ensure compliance with the internal control systems' functionality and processes set forth in Communiqué No. III-35/B.1 and to verify the conformity of their information systems with the TÜBİTAK infrastructure criteria.

4.Other Matters

On 13 March 2025, the effective date of Communiqué No. III-35/B.1 and Communiqué No. III- 35/B.2, the CMB issued Board Decision No. 8/313 in its bulletin No. 2025/15. This resolution addresses the implementation of previously issued principle decisions regulating the crypto asset ecosystem before the introduction of these secondary regulations. Accordingly, Principle Decision I has been entirely repealed, while certain provisions of Principle Decision II have been annulled.

Principle Decision I primarily set out the establishment requirements, incorporation procedures, and conditions applicable to the founders, shareholders, and executives of CASPs, which are now comprehensively regulated under Communiqué No. III-35/B.1. On the other hand, Principle Decision II covered provisions that were subsequently incorporated into both the Communiqué No. III-35/B.1 and Communiqué No. III-35/B.2, including procedures for receiving customer orders and the permissible channels for order submission, criteria for listing crypto assets, advertising and promotional activities, and integration with the CSD. However, certain provisions of Principle Decision II remain in force. These include provisions that preserve the authority and responsibilities of other institutions regarding crypto assets, provisions stating that the issuance and listing of capital market instruments as crypto assets are not yet feasible due to the incomplete development of custody infrastructure and reserve proof mechanisms, provisions requiring CASPs to establish the necessary technical infrastructure for data transfer to the CSD within the framework and timeline determined by the CSD, and provisions outlining CASPs' responsibilities in transactions where they act as the counterparty to customers or where customers execute matching transactions, ensuring the presence of crypto assets in the relevant accounts and the proper execution of transfers.

5.Conclusion

These regulations address key issues that have been eagerly anticipated by participants in Türkiye's crypto market and represent a significant step towards establishing a more transparent and secure market structure. We believe that the clear obligations imposed on market participants will not only enhance trust in the sector but also contribute to the formation of a more clear regulatory framework. These developments have the potential to create a more predictable market environment for both retail investors and institutional participants, thereby fostering the growth of Türkiye's crypto market within a framework of trust.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Nazlı Tönük Çapan
Nazlı Tönük Çapan
Person photo placeholder
Seda Köprülü
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More