We prepared this information note to discuss the new legal changes on crypto assets entitled The Law Amending The Capital Markets Law No. 7518, which was published in the Official Gazette dated 2 July 2024 and No. 32590.
Applicable Legislation:
- Law Amending The Capital Markets Law 7518 (“Crypto Assset Law”)
- Capital Markets Law No. 6362 (“Capital Markets Law”)
1. Definition and Scope:
1.1 What exactly qualifies as a "crypto asset" under this law?Which categories of crypto assets fall under the scope of this law?
The Crypto Asset Law of Turkey defines "crypto assets" as intangible property distributed over digital networks that is produced and maintained electronically by distributed ledger technology or a similar method, and that can be used to represent rights or values. The law specifically regulates cryptocurrency assets that are sold or distributed for the first time, as well as those that are exchanged on platforms, especially if they give rights exclusive to capital market instruments. This includes digital assets whose issuance as capital market instruments has been approved by the Capital Markets Board (“CMB”). Cryptocurrency assets that do not fall within these categories may nonetheless be subject to laws if they are created using distributed ledger technology or any other comparable infrastructure that is necessary to their value.
1.2 How does the law define a "crypto asset platform" and what activities are permitted under this definition?
A "crypto asset platform" is described as a digital platform that facilitates different types of transactions involving crypto assets, such as trading, initial sale or distribution, clearing, settlement, transfer, custody, and other activities as specified by regulatory provisions, according to the Crypto Assets Law. Crypto asset platforms are indispensable tools used to carry out safe and effective operations concerning crypto assets within the CMB's framework. User interchange, asset management and adherence with legal requirements whilst defending investor rights are the key principles of these platforms.
2. Regulatory Framework:
2.1 What are the key regulatory powers granted to the Board concerning crypto assets?
After the establishment of this new amendment law The CMB will have full authority in determining the principles of crypto asset providers. The Board will determine the procedure and principles regarding (i) the establishment and initiation of activities, (ii) activities that crypto asset providers are allowed to perform, (iii) temporary or permanent suspension of activities, (iv)partners, managing personnel, organization, share transfers and personnel, (v) capital adequacy requirements, (vi) possible liabilities, (vii) Information systems and technological infrastructure, based on criteria determined by TÜBİTAK (Scientific and Technological Research Institution of Turkey)
2.2 How does TÜBİTAK contribute to the regulatory process?
TÜBİTAK plays a significant role in the regulatory framework of the new Crypto Asset Law, specifically TÜBİTAK provides expertise on issues concerning the technological aspects of crypto asset providing services and acts as a guide for aiding legislators in understanding information systems and technological infrastructures used in crypto asset services. The law mandates service providers to obey the criteria defined by TÜBİTAK regarding the specific technological characteristics of crypto assets and the process of creating, storing and distribution of said assets. The involvement of TÜBİTAK in the regulatory process aided in the creation and the future implementation of this law due to their critical role in providing insight into the technological and technical aspects regarding the nature of crypto assets. The Crypto Assets Law is still in its infancy phase and as secondary regulations that are developed TÜBİTAK's insights and guidance is expected to further the understanding of legislators in the subject of crypto assets and the criteria which they set is expected to develop and refine thus ensuring a more transparent and safe crypto market in Turkey.
2.3 Are there specific provisions regarding the issuance of crypto assets as capital market instruments?
The Crypto Asset Law, regulates the allocation of crypto assets as capital market instruments in Turkey. The law stipulates that the CMB is authorized in the issuance of crypto assets as capital market instruments.
With this new law crypto assets, which are issued as capital market instruments, are now subject to regulatory oversight by the Board. This oversight by the Board ensures the establishment of new standards for the crypto market in Turkey thus ensuring investor interests. This oversight defines the legally accepted parameters where these market instruments can be created, traded and managed as cryptocurrencies in Turkey.
Moreover, the law has maintained its connection to the law regarding protection of the value of Turkish currency which ensures that relevant regulations regarding currencies are adhered in transactions with crypto currencies.
3. Operational Requirements:
3.1 What are the mandatory requirements for existing crypto asset service providers?
Existing crypto asset service providers are subject to new requirements under the new Crypto Asset Law (Law No. 7518).
First on the list of these requirements is that the existing crypto asset providers that wish to continue their operations are obligated to make a declaration of intent and apply for an operating license to the CMB within one month of the law coming into effect. After the declaration of intent the existing crypto assess service providers that wish to continue operating are obligated to apply to the CMB officially in order to obtain their operating license. If an existing crypto asset service provides does not wish to continue their operation they are obligated to notify the CMB to begin the liquidation procedure of their operation. Additionally, crypto asset service providers wishing to terminate their operations are not allowed to accept new customers and are mandated to notify currently existing customers of their liquidation process whilst ensuring that the existing customers' rights are protected. The Crypto Asset Law also stipulates that all crypto asset service providers that use ATMs or similar devices in the facilitation of cash conversions or transfers of crypto assets, and/or crypto asset service providers that are located abroad must cease their operations by October 2, 2024.
Service providers are mandated to comply with the current regulatory criteria in terms of their operations, finances and technological requirements. These include criteria relating to partners, managers, personnel, the organization itself, share transfers, capital adequacy and information systems. Service providers are also obliged to become members of the Turkish Capital Markets Association. Additionally, service providers are required to pay one percent of their annual income to the CMB and a further one percent to TÜBİTAK for the development of blockchain and related technologies.
Moreover, crypto asset service providers are now obligated to keep a separate record of the assets owned by the customers as well as keep a record of their own assets. Service providers are now bound to accept legal responsibility for ensuring the safety of the customers and any clauses that abolish said responsibility is considered void.
Crypto asset service providers are also required to comply with certain audits regarding their information systems and finances. The aforementioned audits are conducted by independent auditors who are selected by the CMB.
Finally, crypto asset providers who are continuing their operations in light of the new law must comply with all sanctions and penalties which are regulated by the law. Instances of non-compliance with the regulation have severe legal consequences.
3.2 What are the choices given to existing crypto asset service providers?
Existing crypto asset service providers have two choices in light of the new Crypto Asset Law. They can choose to forego of their operation and start the liquidation of their operations and notify previously existing clientele by October 2, 2024. Those who do not wish to cease their operations are mandated by law to declare their intention to continue their operation and apply for an operating license within one month of the law coming into effect, which is 2 August 2024.
There is also a portion of existing crypto asset service providers that are mandated to terminate their operations by the new legislation. These service providers include those who are managing their operation abroad and those providers who use ATMs or other similar devices to facilitate the cash conversion or transfer of crypto assets. These crypto asset service providers are also given until 2 October 2024 to cease their operations, liquidate their assets and notify their clients.
3.3 What are the licensing requirements to operate as a crypto asset service provider?
There are certain requirements that must be met by crypto asset service providers in order to obtain their operating license. The most important requirement is to obtain permission from the Board and to obey the operating criteria that the Board has set in place. Crypto asset service providers must apply to the Board to obtain this license with the necessary documents stated in the amendment and further conditions that are to be determined by secondary regulations, within one month of this new legislation taking effect.
3.4 What are the criteria for share transfers of crypto asset service providers?
Under the Crypto Currency Law share transfers for crypto asset service providers have become subject to stringent regulations in order to establish a stable crypto currency market with integrity in Turkey. According to the law, any transfer of shares within crypto asset service provider companies requires prior approval from the Board. Shareholders are expected to comply with several prerequisites in order to be able to transfer ownership of their shares in crypto asset service providers. These prerequisites include: the shareholder must not be going under liquidation or bankruptcy proceedings, the shareholder must not have been convicted of certain specified offenses like embezzlement. The conditions for share transfers in crypto asset service providers are seeded to protect the crypto market from financial instability and to ensure that the ownership and management of crypto asset service providers are in the hands of financially stable individuals or entities.
3.5 What are the specific deadlines and requirements for existing service providers to comply with the law?
The Crypto Asset Law, which came into effect with its publication in the Official Gazette on 2 July 2024, presents are new era with aims to bring oversight and stability to Turkey's crypto asset market. With the implementation of this law new crypto asset service providers as well as previously existing ones have become subjects to stringent legal requirements as mentioned above.
First of all , existing providers must promptly declare their intention to seek operational licensing from the Capital Markets Board (CMB). Within one month of the law coming into force, by 2 August 2024, these providers must submit a declaration outlining their readiness to comply with all stipulated requirements, including providing necessary documentation as per forthcoming secondary regulations.
Crypto asset service providers wishing to terminate their operations are not allowed to accept new customers and are mandated to notify currently existing customers of their liquidation process whilst ensuring that the existing customers' rights are protected. The Crypto Asset Law also stipulates that all crypto asset service providers that use ATMs or similar devices in the facilitation of cash conversions or transfers of crypto assets, and/or crypto asset service providers that are located abroad must cease their operations by October 2, 2024.
Additional, specific deadlines regarding crypto asset providing services who offer services that are now deemed non-compliant with the new law have been declared with the Crypto Asset Law. Crypto asset service providers that use ATMs or similar devices in the facilitation of cash conversions or transfers of crypto assets, and/or crypto asset service providers that are located abroad must cease their operations by October 2, 2024.
Alongside the deadlines outlined by the law, existing crypto asset providing services who wish to continue their operations are under certain requirements that can be listed as; (i) keeping separate records for customer assets and ensuring that they are shielded from financial and legal risks associated with the service provider, (ii) adhering to the written form condition for customers as per the law states, (iii) refraining from contractual clauses that limit or eliminate the responsibilities of the service. It must be noted that contractual clauses containing and limitation or elimination of the service provider's responsibility are considered null and void by the law.
4. Customer Protections:
4.1. How are customer funds and assets protected under this law?
One of the main objectives of the Crypto Asset law is to protect customer rights and safeguard cash assets of the customers that are held by the crypto service providers. The first regulation towards this main objective is mandating crypto asset providers to keep the client's assets and cash separate from the assets of the service provider in order to shield the client from any legal or financial risk.
Additionally, the Crypto Asset Law has brought on new requirements regarding the form of the user agreement between the customer and the crypto asset service providing service. These new regulations mandates that the agreement between the customer and the service provider is subject to a written form condition. As for agreements that are established remotely, the CMB has also listed the remote communication tools that may be used in the process. With these regulations to the agreement process, the CMB ensures that the customer identity is verified and that unauthorized access to customer accounts are prevented.
Furhermore, the law places stringent limitations on the financial and operational frameworks of companies that provide services related to crypto assets. In order to fulfill their responsibilities to clients, including the safe custody and administration of cryptocurrency assets and private keys, providers must continue to have enough financial stability. Inadequate performance of these duties may result in harsh consequences, such as the cancellation of operating permits and individual culpability for losses.
Moreover, independent audit companies chosen by the Board perform audits of crypto asset service providers to verify that these rules are followed and to protect against any threats like cyberattacks or operational breakdowns. This regulatory framework seeks to create a safe and stable environment for the growth of the business by fostering confidence in customers and investors taking part in crypto asset transactions within Turkey.
4.2 What are the provisions for agreements between crypto asset service providers and their customers?
The Crypto Asset Law imposes certain requirements on contracts between clients and crypto asset service providers. The aim of these requirements is to ensure that the rights of the client is protected as well as to ensure a safe and open crypto market in Turkey. As mentioned above the agreements have a strict written condition and devices that are allowed in making remote agreements are determined by the CMB.
One of the most important changes made to the agreements between crypto asset service providers and their clients is the prohibition of any records limiting or eliminating the responsibilities of service providers from their customers from existing in the contract. The service providers are also mandated by law to keep their assets and their clients' asset separate in order to protect the clients.
These new regulations help protect the assets of the client and highlight the responsibility that service providers have to their clientele. In light of the Crypto Asset Law, Turkey's crypto market has started moving in a more transparent, stable and safe direction.
4.3 How are disputes to be resolved between service providers and customers?
According to the Crypto Assets Law, the Board will determine the principles and procedures regarding the resolution of disputes between the customers and crypto asset service providers. The law dictates that service providers and customers may establish their agreements in writing or through remote communications tools which are explicitly specified by the Board. These tools are used in order to verify customer identity and ensure transparency. The Board will outline the scope, terms of amendment, fees, termination, and other essential matters to be included in these agreements. Importantly, any contractual provisions attempting to limit or eliminate the liability of crypto asset service providers to their customers are deemed invalid. These regulatory guidelines are intended to protect the rights of customers and provide an equitable means of resolving disputes resulting from the transactions of cryptocurrency assets and services rendered by custody service providers and platforms that fall under the jurisdiction of Turkey.
5. Revenue and Audit:
5.1 What are the financial obligations of crypto asset platforms, including revenue sharing with the Board and TÜBİTAK?
The Crypto Asset Law has brought on many considerable financial obligations on crypto asset platforms based in and operating in Turkey. First of these new obligations is that crypto asset service providers are mandated to reserve one percent (exclusive of interest) of their yearly revenue for payment to the CMB. This income helps to finance Turkey's regulatory efforts concerning virtual assets, guaranteeing adherence to legal requirements and assisting in the supervision of virtual asset exchanges.
Crypto asset platforms are required to donate one percent of their annual income to TÜBİTAK by the end of May each year, in addition to the amount already contributed to the CMB.This fund is intended only for the advancement of blockchain technology and associated information systems, encouraging technological infrastructure and innovation in the cryptocurrency asset market.
The financial obligations regulated in the Crypto Asset Law are fundamental in the betterment of the technological landscape and to benefit the economic and financial ecosystem of Turkey. All crypto asset service providers wishing to continue their operations are required to abide by the revenue sharing and additional financial obligations.
5.2 What are the auditory requirements of crypto asset service providers?
Guaranteeing security and transparency in Turkey's crypto market is one of the main objectives of the Crypto Asset Law, which is the reason for the strict auditory requirements that are mandated for crypto asset service providers. The audits are required to be carried out by independent audit firms that are specifically tasked with the auditing of crypto asset providers by the CMB. Financial audits are conducted to ensure integrity and stability within the service providers as well as to make sure that service providers are capable of fulfilling their responsibilities to shareholders and clients. The technological audits are made in order to ensure the stability and security of the infrastructure and information systems of the service provider.
The auditory requirements are in place to protect client assets and ensure dependability in the market thus strengthening the trust in the market environment and and maintaining reliability as.
5.3 What are the consequences for non-compliance with audit and financial reporting requirements?
The Crypto Asset Law has foreseen serious legal consequences for instances of non-compliance with financial reporting and auditing requirements. The CMB has selected independent audit firms for the auditory process and if the aforementioned requirements are not met crypto asset service providers could potentially face harsh consequences such as, substantial fines, temporary or permanent suspension of activities and the cancellation of operating license.
Noncompliance with financial reporting regulations may result in legal actions against the service provider with the intent to force the service providers to strengthen their current financial structures. These legal actions includes temporary discontinuation of operations in cases where the service providers are unable to fulfill their financial responsibilities like cash payments and commitments for crypto asset deliveries. Additionally, executives and board members may be held personally liable if the providers' carelessness or other wrongdoing prevents damages from being recovered from them.
The law highlights the high level of importance placed on the compliance with reporting and auditory requirements by holding crypto asset service providers responsible for losses that result from operational failures or cyberattacks in cases where the auditory requirements were not met by the service provider. Due to the significant consequences placed on non-compliance it can be seen that the new law is dedicated to ensuring the safety of stakeholders and customers in the crypto market.
6. Sanctions and Legal Compliance:
6.1 What sanctions or penalties apply for operating as a crypto asset service provider without Board permission?
The Crypto Currency Law regulates strict punishments for providing crypto asset services prior to obtaining the necessary authorization and license from the CMB. Individuals or corporation who are found to be engaging in crypto asset service providing activities without the necessary licensing may face severe punishments such as being sentenced to three to five years in prison or substantial judicial fines in the range of five to ten thousand days.
6.2 How does the law address breaches of financial obligations or security measures by service providers?
The Crypto Asset Law asserts strict and detailed procedures in regards to security and financial duty violations by crypto asset service providers. With the new law, crypto asset service providers are required to have strong enough financial systems to be able to carry out their cash and crypto delivery responsibilities.With the authority to supervise these providers, the Capital Markets Board (CMB) may impose severe penalties, including temporary suspensions, the cancellation of operating licenses, or the limitation of managerial powers, in the event that providers do not fulfill their financial obligations to a sufficient degree.
The new law highlights personal accountability as an integral part of determining the responsible parties within the service provider organization in cases of illegal activity or breach of duty causing financial losses. The personally accountable person(s) found to be responsible for the losses face the financial burden by themselves. Members of the crypto asset service provider may be held accountable for their actions and the specific conditions, even in situations when recovery from the provider is not feasible.
In terms of technology security, the law imposes a large obligation on service providers to protect against damages resulting from malfunctions, cyberattacks, or breaches in information security. To reduce these risks, service providers need to put in place and maintain reliable information systems and follow the guidelines established by TÜBİTAK, the Scientific and Technological Research Institution of Turkey.
Moreover, people in senior roles at cryptocurrency asset service providers who embezzle or misuse funds entrusted to them are subject to harsh punishments, which include jail time and hefty fines. This framework seeks to safeguard the interests of stakeholders in the Turkish financial markets while ensuring accountability and fostering trust in the crypto asset sector.
6.3 What are the legal liabilities for embezzlement or misuse of assets by crypto asset service provider personnel?
Employee embezzlement or misappropriation of funds by crypto asset service providers is punishable by law under Law No. 7518. Board members, executives, and other staff members who embezzle funds, stocks, or cryptocurrency assets entrusted to them may be subject to fines of up to $5,000 and terms of imprisonment ranging from 8 to 14 years. They are also accountable for any damages to the service provider's finances. They are also liable for any financial losses incurred by the service provider. If found guilty of embezzlement that jeopardizes the provider's secure operation or harms customers, natural person partners who effectively controlled the provider may face even harsher penalties, such as fines of up to twenty thousand days and imprisonment ranging from twelve to twenty-two years.These clauses guarantee severe penalties for those who misuse their trusted positions at cryptocurrency asset service providers aiming to protect investor interests and uphold the integrity of the financial system in Turkey.
7. Transition Period and Compliance:
7.1 What steps must be taken by crypto asset service providers to inform customers and regulators during transitions or closures?
The Crypto Asset Law mandates that crypto asset service providers in Turkey follow stringent protocols when notifying regulators and clients about closures or transitions. First and foremost, a crypto asset service provider must file a declaration to the CMB as soon as possible informing it of its voluntary decision to cease operations. The notification must openly state the initiation of the liquidation process of the service provider's operations, the process must be carried out with the objective of protecting customer rights and interests. It is the duty of the crypto asset service provider to make sure that the notification is worded in a manner that ensures the customer understands the process has begun and that the notification reaches its customer base.
The service providers must adhere to the date of October 2, 2024, in situations where the discontinuation of activity is required, such as for providers who reside abroad or for ATMs that facilitate transactions involving crypto assets in Turkey. If you don't, the appropriate authorities will take enforcement action against you, which may include sealing and shutting down your business to stop providing services.
In order to guarantee full compliance with the regulations it is the duty of the service providers to keep in contact with the CMB during transition or closure processes. This contact involves giving regular reports on the status of the liquidation, swiftly responding to any questions that may arise regarding the process from the CMB and aiding in the auditing and inspection phases if any help is needed. Proactive communication from both sides is necessary to ensure regulatory compliance and reducing risks affiliated with the crypto market.
7.2 How does the law handle the termination of activities or liquidation of crypto asset service providers?
The Crypto Asset Law outlines a very specific and strict process for the termination of operations and liquidation process of crypto asset service providers. As mentioned before, when crypto asset service providers are terminating their operations voluntarily they are obligated to make declaration to the CMB in writing with their intention to terminate their activities by 2 October 2024. It must be added that it is crucial to ensure that this process does not compromise the rights of the service users. Service providers wishing to terminate their activities are strictly prohibited from taking on new clientele during the liquidation process and to notify existing clientele in a timely and appropriate manner.
The Crypto Asset Law also states that any crypto asset service providers who are offering services such as using ATMs to facilitate crypto asset transactions and cash conversions and/or any crypto asset providers who are based in foreign countries are no longer allowed to continue their operations. The termination of activities regarding these types of service providers is also 2 October 2024. The authorities in charge will pursue legal action in line with the legislation for any service providers in this category who do not terminate their activities by the stated date.
The CMB is the main regulatory power when it comes to the creation and functioning of crypto asset service providers as well as the power to oversee the regulatory compliance of these service providers in ensuring client security and compliance with the outlined technological infrastructures as well as checking the financial stability within the service providers. This high level of scrutiny regarding these services are in place to guarantee market integrity and safety. Instances of non-compliance are met with severe legal consequences which are previously outlined.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.