ARTICLE
30 June 2026

Digital Onboarding Era For Non-Turkish Natural Persons

YA
Yuksel Attorneys at Law

Contributor

Yuksel Attorneys at Law logo
Yüksel Attorneys at Law is a dynamic and innovative law firm addressing the rapidly evolving needs of the technology and finance sectors. With expertise in financial technologies, technology law, data privacy, digital assets, and (e-)commerce, our firm provides agile, innovative, and up-to-date legal solutions to the fast-paced demands of the tech and finance industries.
Explore Firm Details
Türkiye’s five-year journey in remote identification reached a new threshold on 27 June 2026: non-Turkish natural persons may now become customers remotely by using their passports...
Turkey Technology
Gökhan Yüksel

What Does Remote Identification via Passport Bring?

Türkiye’s five-year journey in remote identification reached a new threshold on 27 June 2026: non-Turkish natural persons may now become customers remotely by using their passports for remote identification. How did Türkiye reach this point, and as of 27 June, is it practically possible for the institutions within the scope to implement this process?

As will be recalled, Türkiye first introduced an official framework for video-based remote identification in 2021. Over the past five years, this framework has gradually expanded.

Initially, opening a full-scope account mostly required contact through physical channels. On the payment and electronic money side, digital customer acquisition was already possible for limited/anonymous accounts through simplified due diligence measures. For a period, the process continued through courier companies collecting signed agreements and taking photographs of identity documents. Today, almost all of these steps can be completed within minutes through a mobile phone camera and the chip embedded in an identity document.

With the Official Gazette dated 27 June 2026, this door has opened one step further. Non-Turkish natural persons may now become customers remotely by using their passports. In addition, in the remote identification of legal entities registered with the Trade Registry, the identification of non-Turkish natural persons authorized to represent the legal entity has also been made possible.

From 2021 to Today

  • 1 April 2021 — BRSA, Regulation on Remote Identification Methods to be Used by Banks (O.G. №31441).
  • 30 April 2021 — MASAK General Communiqué (Serial No: 19) (O.G. №31470).
  • 11 January 2022 — Regulation on Remote Identification for Financial Leasing, Factoring, Financing and Savings Financing Companies (O.G. №31716).
  • 8 February 2022 — CMB Communiqué No. III-42.1; intermediary institutions and portfolio management companies (O.G. №31744).
  • 18 May 2022 — MASAK Serial No: 20 (O.G. №31839): capital market transactions (Art. 5/A) and financing companies (Art. 5/B) were included; YUVAM/Blue Card exception.
  • 11 August 2023 — MASAK Serial No: 24 (O.G. №32276): principles for natural persons (Art. 4/A) and legal entities (Art. 4/B), AI-based methods (Art. 4/9), NFC/security elements.
  • 4 November 2023 — MASAK Serial No: 25 (O.G. №32359): payment and electronic money institutions were included in full-scope remote customer acquisition (Art. 5/C).
  • 25 December 2024 — MASAK amendment (O.G. №32763): crypto asset service providers (Provisional Article 1) and restriction regarding privacy-based crypto assets (Art. 6/5).
  • 12 June 2025 — MASAK Serial No: 28: the position of crypto asset service providers under Communiqué №19 in terms of remote identification was clarified.
  • 28 February 2026 — Amendment to CMB Communiqué No. III-42.1: crypto asset service providers and AI-based methods.
  • 27 June 2026 — MASAK Serial No: 32 (O.G. №33293): remote identification of foreigners via passport (Art. 4/C).

Where It Began: The “Turkish ID Card” Threshold of 2021

The BRSA’s “Regulation on Remote Identification Methods to be Used by Banks and the Establishment of Contractual Relationships in Electronic Environment” (1 April 2021, O.G. №31441) and MASAK General Communiqué (Serial No: 19) (30 April 2021, O.G. №31470) entered into force almost simultaneously. The logic was twofold: the BRSA opened the channel, while MASAK determined the anti-money laundering and counter-terrorist financing (AML/CFT) standard for that channel.

The defining feature of this initial period was that the system was built around verification through the chipped Turkish Republic Identity Card and the Ministry of Interior’s Identity Sharing System (KPS). In other words, becoming a customer remotely was, in practice, available to Turkish citizens and holders of Turkish identity cards.

Expansion of Scope: Capital Markets, Payments and Financing

2022 was the year in which the channel expanded beyond banking. The CMB’s Communiqué No. III-42.1 (8 February 2022, O.G. №31744) covered intermediary institutions and portfolio management companies, while MASAK Serial No: 20 included capital market transactions (Art. 5/A) and financial leasing, factoring, financing and savings financing companies (Art. 5/B). An exception based on the Blue Card was also introduced during this period for YUVAM accounts of citizens residing abroad.

In November 2023, with the amendment introduced by Serial No: 25 (O.G. №32359), payment and electronic money institutions were next (Art. 5/C): these institutions, which had previously acquired customers digitally through simplified measures for limited accounts, were brought under the official framework for full-scope remote customer acquisition. As a result, “remote customer acquisition” spread across the financial ecosystem, from banks to fintechs.

Maturation: Artificial Intelligence and Crypto

The comprehensive MASAK amendment dated 11 August 2023 technically matured the framework. Detailed principles were introduced for natural persons (Art. 4/A) and legal entities registered with the Trade Registry (Art. 4/B). The most critical development was the inclusion of AI-based methods in the process (Art. 4/9). For face comparison or liveness tests carried out fully through artificial intelligence without a customer representative, a TSE report demonstrating that the false acceptance rate of the algorithm is below one in ten million was required. Near-field communication (NFC) and security elements were also defined during this period.

On 25 December 2024, a new actor came to the forefront: crypto asset service providers were included in the remote identification framework. Those intermediating privacy-based crypto assets were prohibited from using this method. In February 2026, the CMB amended Communiqué No. III-42.1 and expressly included crypto asset service providers and AI-based methods within its regulatory framework.

Today: Foreigners and Passports (27 June 2026)

With MASAK General Communiqué (Serial No: 32), published in the Official Gazette dated 27 June 2026 and numbered 33293, MASAK took the most visible step in this five-year process and added a new Article 4/C to the Communiqué:

Non-Turkish natural persons may become customers through remote identification via passport. Moreover, the regulation is not limited to individuals: in the remote identification of legal entities registered with the Trade Registry, the identification of a non-Turkish natural person authorized to represent the legal entity may also be carried out under the same principles (Art. 4/C(2)).

The regulation states that identification must be carried out through a passport that is compliant with ICAO Standard 9303 and has NFC capability, by trained personnel through a video call.

It is expressly provided that if the information contained in the passport chip cannot be verified via NFC, no business relationship may be established. Customers acquired through this method will be monitored as high-risk customers. For identity verification, a money transfer from the person’s own bank/card account will be mandatory. Funds may be credited to the account only from the person’s own accounts held abroad, and outward transfers abroad from the account may only be made to bank accounts opened in the name of the same person.

There is a notable difference from identification through a Turkish identity card. Where NFC verification fails for a Turkish identity card, there is an alternative route based on the verification of at least four security elements; however, no such alternative is provided for passports.

No money transfer or cash withdrawal may be carried out before address verification is completed. These inflow/outflow and cash restrictions do not apply if identification is subsequently carried out under Article 6/2 of the Communiqué, i.e., through face-to-face identification; in that case, the customer will not be subject to the cash withdrawal and relevant transfer restrictions.

This framework should not be read as meaning that “passport-based foreign customer acceptance has been liberalized.” A more accurate reading is that an AML framework has been established for the remote identification of non-Turkish natural persons via passport, provided that the relevant obliged parties satisfy the specified technical, operational and compliance requirements.

The Communiqué also aligned the definition of “financial institution” with the Regulation, added crypto asset service providers to the capital markets reference, and expanded the addressees of enhanced due diligence measures to all obliged parties.

In short, within five years, an important threshold has been crossed in the expansion of scope from Turkish citizens holding Turkish identity cards to foreigners holding NFC-enabled passports.

What Comes Next? The Next Step for Onboarding under the Communiqué

The key question is: “The new article has entered into force, so can foreign customer acceptance begin tomorrow?” The short answer is: the MASAK Communiqué alone is not sufficient.

The MASAK Communiqué only establishes the AML/CFT layer; the permission to use the remote channel itself must come from the institution’s own sectoral legislation. Indeed, Article 4/1 of the Communiqué allows remote identification only where the institution’s primary activity legislation permits the establishment of contractual relationships without face-to-face contact. Therefore, the practical roadmap for passport-based foreign customer acceptance is as follows:

  1. Sectoral regulatory alignment. The remote identification regulation of the relevant authority — the BRSA for banks, the CMB for intermediary institutions, portfolio management companies and crypto asset service providers, and the CBRT for payment and electronic money institutions — must accommodate the passport-based method. While the 2026 amendments on the CMB side appear to provide a relatively more advanced basis, the current texts must be checked and, where necessary, supplemented for passport-specific alignment on the banking and payments side. For payment and electronic money institutions, CBRT legislation provides a more open framework for establishing contracts through remote communication tools, as there is no explicit emphasis on the Turkish Republic Identity Card in the legislation. Nevertheless, the implementation of the passport/NFC method by each institution must be designed by taking into account CBRT legislation, MASAK Article 4/C requirements and the institution’s own risk assessment.
  2. Technical infrastructure. Institutions must establish NFC passport reading capability, ICAO 9303 compliance checks, uninterrupted video calls conducted by trained personnel and, if used, AI applications satisfying the requirements of Article 4/9 (TSE report / international accreditation).
  3. Compliance documentation. Pursuant to Article 4/C(3) of the Communiqué, the relevant institution must prepare an implementation guideline regarding customer due diligence, risk management and monitoring and control activities, and must incorporate these measures into its institutional policies and procedures.
  4. Notification to MASAK. Within one month following the commencement of customer acceptance, the measures taken and the procedures and guidelines prepared must be notified to the MASAK Presidency. In addition, statistics regarding the customers accepted under this method must be submitted on a quarterly basis.
  5. Embedding transaction restrictions into systems. High-risk monitoring, the mandatory first transfer from the person’s own account, the restriction of account inflows/outflows to the person’s own foreign accounts, and the prohibition on money transfers/cash withdrawals before address verification must be built into the operational flow from the outset.

In other words, the entry into force of the Communiqué is the starting line, not the finish line. The next concrete step is to verify alignment with the passport-based method under the regulations of the institution’s relevant authority (BRSA/CMB/CBRT), while simultaneously establishing the implementation guideline and procedures required under Article 4/C(3) and the MASAK notification process. Without completing these preparations, foreign customer acceptance cannot practically begin, even though the article is in force.

General Assessment

The passport-based remote identification regulation should not be viewed merely as a technical customer acquisition convenience. This step may be considered part of a broader transformation in Türkiye’s capacity to provide financial services to foreign natural persons.

Recent regional and global developments have accelerated changes in capital flows, investor preferences and entrepreneurial mobility. Türkiye, with its geographic position, young and digital user base, developing payment and electronic money ecosystem, product diversity in the capital markets and the emergence of a regulatory framework for crypto asset services, is increasing its potential to become a regional access point for financial services.

For this potential to materialize, it is critical for foreign investors, entrepreneurs, professionals and persons seeking to establish an economic connection with Türkiye to be onboarded into the financial system remotely and securely, without contact through physical channels. Passport-based remote identification is therefore not merely a “compliance” regulation, but also an infrastructure step that may enhance Türkiye’s international customer acquisition capacity.

The impact of the regulation may become visible in several areas.

First, the onboarding process may become easier for foreign natural persons wishing to open investment accounts in Türkiye. The digitalization of access to capital markets may allow foreign investors to interact more quickly with financial products in Türkiye.

Second, foreign user acquisition may become more strategic for payment and electronic money institutions. In terms of digital wallets, money transfers, electronic money accounts and cross-border payment flows, passport-based remote identification may support Türkiye-based fintechs in accessing users at a regional scale.

Third, considering the cross-border nature of crypto asset markets, the remote acquisition of foreign users may be commercially significant.

Fourth, the legal entity onboarding processes of foreigners establishing companies, making investments or conducting commercial activities in Türkiye may become easier. Allowing remote identification via passport for foreign representatives of legal entities registered with the Trade Registry may provide operational convenience in relation to company account openings, investment relations and access to financial services.

From these perspectives, the regulation has the potential to contribute to Türkiye becoming a more accessible financial market for foreign investors and foreign users. However, this impact will not materialize automatically.

The MASAK regulation establishes the AML/CFT framework, but for this framework to translate into economic impact, the position of sector regulators on the passport/NFC method must be clarified, institutions must complete their technical infrastructure, and customer acceptance processes must be designed in line with a high-risk approach.

Accordingly, the amendment dated 27 June 2026 represents an important starting point for Türkiye’s ability to include foreign investors and regional financial users in its financial system through digital channels. The next phase is to build the sectoral alignment, technical readiness and operational capacity that will make this starting point practically usable.

Sources

  • MASAK General Communiqué (Serial No: 32), 27 June 2026, O.G. №33293 — Ministry of Treasury and Finance / Official Gazette.
  • MASAK General Communiqué (Serial No: 19), 30 April 2021, O.G. №31470 (as consolidated with the amendments dated 18 May 2022, 11 August 2023, 4 November 2023 and 25 December 2024) — Official Gazette.
  • Regulation on Remote Identification Methods to be Used by Banks and the Establishment of Contractual Relationships in Electronic Environment, 1 April 2021, O.G. №31441 (entry into force: 1 May 2021) — BRSA.
  • Regulation on Remote Identification Methods to be Used by Financial Leasing, Factoring, Financing and Savings Financing Companies and the Establishment of Contractual Relationships in Electronic Environment, 11 January 2022, O.G. №31716 (entry into force: 11 February 2022) — BRSA.
  • Communiqué on Remote Identification Methods to be Used by Intermediary Institutions, Portfolio Management Companies and Crypto Asset Service Providers and the Establishment of Contractual Relationships in Electronic Environment (III-42.1), and the amendment dated 28 February 2026 — CMB / Official Gazette.

Originally published by Medium

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Person photo placeholder
Gökhan Yüksel
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More