Long left outside regulation, the crypto-asset sector became subject to regulation in Turkey through provisions added to the Capital Markets Law No. 6362 by Law No. 7518 of 2 July 2024. This reform defined crypto-asset service providers (CASPs) and designated the Capital Markets Board (CMB) as the competent authority for the sector. Secondary legislation has detailed the operating principles and the capital and technology requirements.
What Is a Crypto-Asset Service Provider?
CASPs are institutions that intermediate the buying and selling, initial sale or distribution, exchange or transfer of crypto assets, related custody services and other transactions defined in the legislation. The main activity types are:
- Platform (exchange): The venue where trading, initial sale/distribution and exchange of crypto assets take place.
- Custody service: Safekeeping and management of crypto assets or of the private keys that provide access to them.
- Intermediary services: Order transmission and other intermediation activities defined in the legislation.
Application and Authorisation Process
Institutions wishing to operate must obtain authorisation from the CMB. The process generally involves:
- Corporate structure: Incorporation as a joint-stock company and meeting the reputation and integrity requirements for shareholders and managers.
- Capital adequacy: Minimum capital and equity requirements. As the amounts may be updated by regulation, the current thresholds should be verified before applying.
- Technology and security: Strong controls over information systems, cybersecurity, wallet management and protection of client assets; independent information-systems audit.
- Segregation of client assets: Crypto assets and cash belonging to clients must be kept separate from the institution's own assets.
- AML compliance: An anti-money-laundering and counter-terrorist-financing programme, know-your-customer (KYC) and suspicious-transaction reporting obligations.
Ongoing Obligations
Obligations continue after authorisation: regular reporting, independent audit, maintenance of internal control and risk management, protection of client assets and keeping information-systems security up to date. Non-compliance can lead to consequences ranging from administrative sanctions to revocation of the operating licence.
The International Dimension
With the convergence of crypto-asset rules globally — driven by frameworks such as the EU's MiCA — compliance design becomes even more important for ventures that will operate in Turkey or provide cross-border services. In multi-jurisdiction business models, each country's requirements must be assessed together.
How FinWise Consulting Helps
We provide end-to-end advisory to crypto-asset ventures — including correct classification of the activity type, preparation of the CMB authorisation file, planning of capital and technology requirements and establishment of the AML compliance programme. Integrating regulatory expectations into the business model at an early stage both accelerates authorisation and delivers sustainable compliance in subsequent inspections.


