MASAK (Mali Suçları Araştırma Kurulu) — Financial Crimes Investigation Board of Türkiye — is the Turkish financial-intelligence unit (FIU) and principal regulator for AML, counter-terrorism financing (CTF), and proliferation-financing prevention. Established in 1997 and operating under the Ministry of Treasury and Finance, MASAK’s mandate covers AML/CTF rule-making, supervision of obligated entities, intelligence collection and analysis, and coordination with law enforcement and international FIUs (Egmont Group member). For Turkish fintechs, banks, crypto-asset platforms, and other regulated entities, MASAK is the central AML/CTF regulator alongside sector-specific authorities (BDDK, SPK).
MASAK’s supervisory perimeter (obligated entities under Law No. 5549 and subsequent amendments) includes: (i) banks and credit institutions; (ii) capital markets entities (investment firms, portfolio managers, fund operators); (iii) payment institutions and e-money institutions; (iv) crypto-asset service providers (added 2021, expanded 2024 under SPK crypto framework); (v) insurance and reinsurance companies; (vi) real-estate brokers for transactions above thresholds; (vii) precious-metals dealers; (viii) independent auditors, lawyers, notaries, accountants for specific transaction types; and (ix) jewelry, art-dealing, and other categories added periodically through MASAK regulations.
Core AML/CTF obligations imposed by MASAK include: customer identification (KYC) — beneficial-ownership identification (10% threshold for crypto, 25% for other regulated activities), enhanced due diligence for higher-risk customers/transactions, ongoing customer-relationship monitoring; transaction monitoring against MASAK red-flag indicators and entity-specific risk assessments; suspicious transaction reports (STRs) filed with MASAK within 10 business days of suspicion formation; cash transaction reports (CTRs) for cash transactions above defined thresholds (currently TRY 75,000 for most categories); record retention for 8 years; MLRO appointment (Money Laundering Reporting Officer / Uyum Görevlisi); and sanctions screening against OFAC/EU/UN/Turkish sanctions lists.
MASAK enforcement mechanisms include: administrative penalties (substantial fines for compliance failures — recently up to TRY 2.5M+ per violation depending on entity size); license-suspension recommendations coordinated with BDDK/SPK; criminal referrals for serious laundering or financing offenses (carrying significant criminal exposure under Turkish Penal Code provisions); international information-sharing with foreign FIUs via Egmont Group; and public disclosure of enforcement actions for deterrence purposes.
For Turkish fintech founders, MASAK compliance is Day-1 operational architecture, not a post-launch retrofit: AML program design (policies, procedures, training, MLRO appointment), KYC/CDD workflow integration with customer-onboarding mechanics, transaction-monitoring systems with MASAK red-flag detection, sanctions-screening infrastructure (typically through vendors like Refinitiv, Chainalysis for crypto, Acuris), STR-filing protocols and decision-making framework, and ongoing MASAK supervisory-relationship management. Vircon Legal advises Turkish fintechs, crypto-asset platforms, and regulated entities on MASAK compliance — program architecture, KYC/CDD framework design, transaction-monitoring rule calibration, STR-filing protocol, MLRO governance, sanctions-program design, and the strategic coordination of MASAK obligations with BDDK, SPK, and KVKK requirements.