Crypto Asset Regulations in Turkey
Crypto Asset Regulations in Turkey: 2 July 2024 Amendment to the Capital Markets Law and the Innovations it Introduces in terms of Crypto Asset Law
Assoc. Prof. Dr. Pınar ÇAĞLAYAN AKSOY- Atty. Sema Selek
Introduction
In recent years, crypto assets have become one of the fastest growing and most talked about elements of the digital world. This digital revolution, which started with the emergence of Bitcoin in 2009, has been further fuelled by the launch of Ethereum, Ripple and thousands of other cryptocurrencies. Initially used only by technology enthusiasts and early adopters, crypto assets are now an area where millions of people invest, shop and even become part of the financial system.
However, this rapid rise, as with all other emerging technologies, has brought with it the need for legal regulation. The inherently decentralised and cross-border nature of crypto assets has led to its exclusion from existing financial and legal systems. Governments faced the necessity to determine the legal status of crypto assets and to take measures against the risks brought by these new financial instruments. While some countries were quick to take these measures and introduce regulations, some countries adopted a ‘wait and see’ approach and preferred to observe the conflicts of interest arising from crypto assets for a while longer. Turkey, not remaining indifferent to these developments in the world, started to take steps towards a comprehensive regulation on crypto assets.
Published in the Official Gazette dated 2 July 2024 and publicly known as the ‘Crypto Asset Law’, this regulation was introduced to draw the legal framework of the crypto asset market in Turkey and protect users. The law aims to secure the rights of individual investors while introducing new obligations for crypto asset service providers. In this article, we will examine the innovations brought by this regulation, the legal status of crypto assets and their possible effects on the market.
Crypto Asset Regulation Process in Turkey
The regulation of crypto assets poses a number of challenges due to their nature. Although the features such as anonymity, confidentiality and decentralization underlying these assets are advantageous in terms of users' security and transaction confidentiality, they also constitute a major obstacle for regulatory authorities. The non-transparent structure of crypto assets makes it difficult to supervise service providers and creates risks that may threaten the reliability of the financial system.
In particular, the regulation of the trading and custody of crypto assets is complex due to the nature of the market. The high volatility in the prices of crypto assets exposes market players to great risks, making the establishment of regulatory frameworks even more difficult. Moreover, the storage of these assets in encrypted wallets poses additional challenges in confirming the ownership of the assets. The decentralised nature of cryptoassets makes it difficult for governments and regulatory bodies to effectively intervene in this area, which makes cryptoasset regulation more complex.
Until 2018, various institutions in Turkey warned investors that they should be careful about crypto assets, especially in terms of ICOs (Initial Coin Offering). The BRSA (Banking Regulation and Supervision Agency), in an announcement published in 2013, stated that ‘Bitcoin, which is known as a virtual currency that is not issued by any official or private institution and for which no guarantee is given, is not considered as electronic money within the scope of the Law due to its current structure and functioning, and therefore, it is not possible to supervise and control it within the framework of the said Law. On the other hand, the fact that the identities of the parties in transactions conducted with Bitcoin and similar virtual currencies are not known creates a favourable environment for the use of these virtual currencies in illegal activities. In addition, Bitcoin is open to risks such as the market value may be extremely volatile, digital wallets may be stolen, lost or used improperly without the owners' knowledge, as well as risks arising from operational errors or abuse by malicious sellers due to the irreversibility of the transactions made.’
In the bulletin published by the Capital Markets Board (CMB), another regulatory authority, in 2018, it was stated that ‘Most of the applications for collecting money using block-chain technology, also known as “Cryptocurrency Sales” or “Token Sales”, are outside the regulation and supervision area of our Board. Digital asset sellers sell digital assets for specific (such as financing a project or company) or, in most cases, vague promises.
(…) Information on the use of the money collected after the sales process is included in the “whitepaper”, a document like a prospectus. ICOs are very high-risk and speculative investments. For this reason, investors who consider purchasing digital assets should be aware of the risks and examine in detail what is promised in return for the digital asset to be purchased,” he said, pointing out some of the risks of ICOs. According to the CMB, most ICOs are outside the authority and scope of regulatory institutions due to their structure and are not subject to any regulation and supervision. The money collected within the scope of these projects may not be used for the stated purposes, and the documents provided by the sellers may contain incomplete and misleading information. Since the majority of the projects that raise funds in this way are early-stage projects, the project may fail and the entire investment made may be lost.
The approach adopted by public authorities regarding crypto assets in Turkey became clear with the announcement made by the Financial Stability Board (FSB) on 10 January 2018. In this announcement, it was emphasised that crypto assets do not have a legal basis and that transactions with these assets are not secured by any official authority. The announcement also drew attention to the risks arising from the storage of crypto assets in digital wallets. It was stated that situations such as theft, loss or unauthorised use of crypto assets are irreversible and therefore users should be careful.
Turkey took an important step in 2021 in the regulation of cryptoassets and banned the use of cryptoassets as a means of payment with the regulation of the Central Bank of the Republic of Turkey (CBRT) dated 16 April 2021. With this regulation, crypto assets are not defined as money or securities, but payment for goods or services with them is prohibited. The same regulation prevented payment institutions and e-money institutions from transferring funds to cryptocurrency platforms, but allowed banks to continue to transfer funds. Thus, while investment in cryptoasset platforms in Turkey is allowed, the use of cryptoassets in payment transactions is prohibited. This law was criticised in the crypto asset ecosystem in Turkey and was considered as a practice that undermines the development of the sector.
On 01.05.2021, the Regulation Amending the Regulation on Measures to Prevent Laundering Proceeds of Crime and Financing of Terrorism (‘Amendment Regulation’) was published in the Official Gazette and entered into force.
With this regulation, obligations such as customer recognition, suspicious transaction notification, providing information and documents, providing continuous information, preservation and submission have been imposed on crypto asset service providers. It should be noted that it is not easy to determine which crypto asset platforms fall within the scope of the concept of crypto asset service provider. This is because the aforementioned regulation does not include any definition in this regard. MASAK later issued a Guideline regulating the obligations of cryptoasset service providers and set out the scope of the obligations of cryptoasset service providers in more detail (MASAK - Basic Principles on Obligations for Crypto Asset Service Providers Regarding the Prevention of Laundering Proceeds of Crime and Financing of Terrorism, May 2021). It shows Turkey's efforts to create a more secure and transparent environment in the crypto asset market. However, these changes were not deemed sufficient by the Financial Action Task Force, which is responsible for ensuring financial security and stability at the global level, and Turkey remained on the grey list until 2024.
Finally, the Law Amending the Capital Markets Law No. 7518, known as the ‘Crypto Asset Law’, which entered into force on 2 July 2024, provided comprehensive regulation of the crypto asset market in Turkey. This law regulates cryptoasset service providers, the activities of platforms, the custody of cryptoassets and the transactions that Turkish residents can make on these platforms. The law aims to stabilise the potential impact of cryptoassets on the financial system and bring this market within a regulatory framework. These steps are part of Turkey's effort to establish a legal order in the crypto asset market and increase market security.
Legal Definition of Crypto Assets
Crypto assets are legally defined by the ‘Law Amending the Capital Markets Law’ dated 2 July 2024. According to this definition, crypto assets are intangible assets that can be created and stored electronically using distributed ledger technology (DLT) or a similar technology, distributed over digital networks, and can express value or rights. This definition provides a framework that covers the main characteristics and functions of crypto assets.
Crypto assets are considered as digital data units that do not have a physical nature. These assets differ from traditional assets due to their intangible nature and exist entirely in digital environments. From a functional point of view, crypto-assets present a structure in which digital units called coins and tokens are categorised according to certain functions. The exact function of tokens may vary according to the intended use determined between the parties, and in this context, tokens can be used for financial, commercial or social purposes.
Although the definition of crypto-assets is set out in the Law dated 2 July 2024, it is still important to determine the legal nature of crypto-assets. It should be underlined that this situation is not unique to Turkey. The most important obstacle in determining the legal nature of crypto assets is the lack of clear regulations on this issue worldwide. Definitions and regulations on crypto assets worldwide as legal statuses differ, the handling of these assets within a legal framework continues to be a complex process. However, from an economic point of view, the fact that crypto assets are accepted as assets that can be subject to legal transactions reveals that these assets are seen as a valuable means of exchange.
Categorisation of Crypto Assets: Crypto assets are categorised into various groups based on their characteristics and functions. Although there are many different groupings, the most common distinction is the coin-token distinction. Essentially, coins refer to crypto assets that have their own blockchains. Examples include cryptocurrencies such as Bitcoin and Ethereum.
The second group of crypto assets, called tokens, is more difficult to classify and categorise. This is because each token has its own unique features and functions. Therefore, the grouping of tokens should be shaped according to their functional and technological infrastructures
1. Securities Crypto Assets: Crypto assets that contain rights specific to securities and are used for investment purposes.
2. Electronic Money Crypto Assets: Assets designed for electronic payment purposes.
3. Distributed Ledger Technology (DLT) Based Crypto Assets: Assets whose value is derived from distributed ledger technology or a similar technological infrastructure.
4. Utility Crypto Assets: Assets that provide access to a service or product. Assets that provide copyright on digital items such as photos, videos, audio, artworks can also be included in this group.
Apart from these groupings, crypto assets can also be divided into two main classes according to whether there is an asset behind their value: stable crypto assets and unstable crypto assets. Stable crypto assets are those that have the purpose of fixing their value to a value based on the value of money, commodities, crypto assets and similar assets and their combinations used as reserve assets, while those that are not included in this group are called unstable crypto assets.
As can be seen, it is not easy to determine the legal nature of crypto assets, which can be defined and categorised in different ways. In this regard, the detailed justification of the amendment draws attention to the ‘principle of independence from the instrument’. Determining the nature of the cryptoasset and its place within the scope of the legislation according to the rights/opportunities granted to the recipient is called the ‘principle of independence from the instrument’. Therefore, within the scope of this principle, when a cryptoasset is in question, firstly, ‘what this asset promises’ to the persons to whom it is sold or transferred should be taken into consideration. For example, if a cryptoasset is offered to the market with the promise of granting the buyer the right of partnership in a company, this may fall within the scope of an irregular public offering and the relevant cryptoasset may be subject to the provisions of the Capital Markets Law No. 6362. Therefore, cryptoassets should be regulated not only according to their technological infrastructure, but also according to the rights and obligations they offer to investors. In this context, it is clearly emphasised that if crypto assets fall under the jurisdiction of different institutions according to their characteristics and the rights they promise, the duties and authorities of these institutions may also be used in relation to the relevant crypto assets.
Crypto Asset Service Providers and Related Regulations
The rapid growth of the crypto asset ecosystem has led to an increase in the number of service providers operating in this field. Crypto asset service providers are one of the cornerstones of this ecosystem and offer various services related to crypto assets. These service providers consist of platforms, crypto asset custodians and other organisations that provide services such as the initial sale or distribution of crypto assets. The establishment and activities of cryptoasset service providers are subject to certain legal regulations almost all over the world.
In the European Union, MiCA, the regulation governing cryptoasset service markets, will come into full force by the end of 2024. Since MiCA is a Regulation, it will be applied directly in all countries without being transferred to the domestic laws of the member states, such as Directives. The Regulation basically categorises crypto assets into various classes and sets out in detail what the obligations of the entities providing services related to them are. Furthermore, the member states of the European Union have local regulatory authorities responsible for the registration and licensing of cryptoasset service providers. These regulatory bodies set local rules and requirements to ensure the implementation of the MiCA regulation. For example, the Federal Financial Supervisory Authority (BaFin) in Germany, the Financial Markets Authority (AMF) in France, the National Banking and Financial Market Commission (CONSOB) in Italy, and the Spanish Securities and Markets Commission (CNMV) in Spain take on this responsibility. The European Securities and Markets Authority (ESMA) provides general regulation and guidelines for cryptoasset markets under the MiCA regulation, but the direct registration or licensing of service providers is carried out by local regulators. Within the US, state regulators are responsible for ensuring that cryptoasset service providers comply with local regulations and licensing requirements. These regulators oversee that state-based cryptoasset service providers are registered and follow local laws. For example, New York State's Department of Financial Services (NYDFS) sets specific regulations and licensing requirements for cryptoasset service providers.
As of the second half of 2024, crypto asset service providers in Turkey are required to obtain authorisation from the Capital Markets Board (CMB) in order to establish and operate. In this process, the principles and principles that the relevant institutions must comply with will be determined by secondary regulations to be issued based on Articles 35/B and 35/C added to the Capital Markets Law No. 6362. These regulations are expected to be issued before the end of 2024.
The legal framework established by the amendment aims to ensure that the activities of crypto asset service providers are carried out in a transparent, reliable and lawful manner. In addition, these service providers are obliged to make the necessary arrangements, take the necessary measures and establish the necessary internal control units and systems in order to manage their systems securely.
On 2 July 2024, immediately after the ‘Law Amending the Capital Markets Law’ numbered 7518 was published in the Official Gazette numbered 32590 and entered into force, the CMB published a Guideline and clarified some of the issues that were curious. This text, titled ‘Announcement Regarding Crypto Asset Service Providers’, is an important guidance for Turkish and foreign platforms that are already carrying out crypto asset service provision activities in Turkey and for platforms that wish to start their activities. The Guideline provides that cryptoasset service providers operating as of 02.07.2024 are required to continue their activities or clearly states the steps to be followed in case they wish to liquidate. The Guidance also includes regulations for organisations that are new to offering cryptoassets.
- For those who want to continue their activities: As of 02.07.2024, institutions that are engaged in crypto asset service provider activities and wish to continue these activities must submit the specified information and documents to the Capital Markets Board (CMB) until 02.08.2024. These documents include the information, documents and explanations in Annex/1 and Annex/2, and must include statements in accordance with the first paragraph of Provisional Article 11.
- For those who will take a liquidation decision: As of the same date, crypto asset service providers that decide to terminate their activities are required to submit their declarations that they will not accept new customers during the liquidation process and detailed explanations regarding the liquidation process to the CMB until 02.08.2024.
Institutions wishing to commence operations after the effective date of the Law are also required to submit their declarations to the CMB in writing, together with the necessary information, documents and explanations, before commencing their operations.
On 5 August 2024, the institutions that applied to the CMB and the institutions that declared that they would liquidate their activities were announced on the website of the CMB under the titles ‘List of Institutions in Operation’ and ‘List of Institutions Declaring Liquidation’. In this framework, forty-seven CSDs are included in the first list.
It should be noted that the application made to the CMB within this one-month period and the fact that their names are mentioned in the list prepared by the CMB does not mean that these institutions and organisations are licensed to start their services (establishment permit) or to continue their activities (operation permit). For this purpose, the conditions determined by the Board must be met and documents must be submitted.
In this context, the CMB's Resolution No. i- CMB.35.B (dated 8 August 2024 and numbered 42/1259 p.k.) published in the Board bulletin dated 8 August 2024 and numbered 2024/38 clearly lists the conditions for the establishment of platforms that will operate in the crypto asset sector. Accordingly, pursuant to the Resolution, certain conditions must be met in order for the Board to authorise the establishment of platforms to operate in the cryptoasset sector. In this framework, platforms wishing to provide cryptoasset services in Turkey:
To be established as a joint stock company, to have all of their existing shares in registered form, to issue their shares in cash, to have a minimum capital of TRY 50,000. 000 TL capital must be fully paid in cash and the shareholders' equity must not be less than this amount (this amount may be increased within the scope of the regulations to be issued by the Board regarding the operating principles), their articles of association must comply with the provisions of the Capital Markets Law No. 6362 and the relevant regulations, and their founders must fulfil the conditions specified in the Law and the relevant regulations, The phrase ‘crypto asset trading platform’ must be included in their trade names, the subject of operation must be exclusively determined as the realisation of one or more of the crypto asset purchase and sale, initial sale or distribution, clearing, transfer and custody transactions required by these, the board of directors must consist of at least three members, and the shareholding structure must be transparent and open.
It should be noted that the companies that are or will be included in the ‘List of Operating Companies’ prepared by the CMB by collecting the necessary information and documents are required to be listed in the Principle Decision dated 8 August 2024.
must apply to the Board until the close of business on 8 November 2024 by meeting the conditions stipulated by the Board. Companies on the list will be able to continue their activities until the Board's regulations on operating conditions enter into force. Pursuant to the same Resolution, platforms that have received permission for establishment will be required to apply to the Board separately to obtain an operating licence within the scope of the operating principles and principles to be determined by the Board later on.
Finally, it should be noted that the Law also contains important regulations regarding the activities of non-resident crypto asset service providers in Turkey. As of the entry into force of the Law, platforms based abroad are required to terminate their activities for Turkish residents within three months. This obligation covers situations such as opening a workplace in Turkey, creating a Turkish website or direct promotion and marketing activities, and is considered as unauthorised cryptoasset service provision. Following this regulation, some foreign-based exchanges announced that they would continue their services in Turkey but decided to stop their direct marketing activities.
TÜBİTAK's Role in the Crypto Asset Ecosystem
With the enactment of the law, TUBITAK (The Scientific and Technological Research Council of Turkey) has assumed a critical role in regulating and securing the crypto asset ecosystem. Supervision of the technical infrastructure of crypto asset service providers (CVSPs) and the necessary
Under the Law, the role of TÜBİTAK is defined within the framework of technical consultancy. TÜBİTAK will fulfil its duties such as determining technical criteria, preparing technical reports, conveying opinions and participating in audits upon the request of the CMB.
- Determination of Technical Criteria for Licences: In order to obtain a licence, crypto asset service providers must comply with certain technical criteria regarding their information systems and technological infrastructure. These criteria will be determined by TUBITAK and if compliance is ensured, CSPs will be able to obtain a licence.
- Support for Innovative Technologies: Within the scope of the Law, blockchain technology is specifically supported and studies in this field are encouraged. Regarding the sale or distribution of crypto assets produced by companies developing new generation blockchain technologies, TÜBİTAK will prepare technical reports and evaluate whether the projects are in the original blockchain infrastructure.
- Opinion Forming: Platforms will make their own decisions on which crypto assets will be listed or delisted. There will be no direct intervention by a central authority in this process, but TUBITAK will be able to give its opinion on the minimum technical criteria to be followed in line with certain principles and principles.
- Participation in Independent Audits: The audits of the licensed KVHSs will be carried out by independent audit firms. In these audits, TÜBİTAK's opinions will be taken on the procedures and principles regarding information systems, and TÜBİTAK will be able to participate in the audits if requested by the CMB.
- Financial Support for Blockchain Technology: According to the law, crypto asset platforms will transfer 1% of their revenues excluding interest to the CMB and 1% to TÜBİTAK. This resource transferred to TÜBİTAK will be used for the popularisation of blockchain technology in Turkey and the financing of projects developed in this field.
Ensuring Security and Transparency in the Crypto Asset Market
The new law is considered as an important step towards ensuring transparency, security and order in the crypto asset market and aims to create a more secure and responsible ecosystem for both users and service providers.
One of the regulations introduced to ensure security and order in the crypto asset market is related to the issuance of crypto assets. With the provisions added to the Capital Markets Law, the Capital Markets Board (CMB) was authorised to determine the principles for the issuance of capital market instruments as crypto assets without being included in the Central Registry Agency system. This step constitutes a guarantee for all actors operating in the market by ensuring that the crypto asset issuance processes are carried out in a more regular and secure framework.
The listing and delisting processes of crypto assets constitute another important dimension of the law. Since the classification of assets as ‘good’ or ‘bad’ by a central authority is incompatible with the decentralised structure of the crypto asset ecosystem, it is obligatory to establish written procedures in the processes of determining the crypto assets to be traded on the platforms and terminating their trading. These procedures will be regulated in accordance with the principles and principles determined by the CMB and will ensure that the platforms act in accordance with the principles of transparency and fair operation.
Relations between customers and Crypto Asset Service Providers (CVSPs) are also secured by the new regulations. The possibility of making contracts through remote communication tools, which is granted to other financial institutions such as banks and brokerage houses, has also gained a formal legal basis for CSPs. However, any contractual terms that eliminate or limit the responsibilities of CSDs towards their customers are deemed invalid. This regulation aims to protect the rights of customers and to ensure that CSPs operate in a more accountable manner. In addition, special emphasis is placed on the obligation of identification within the framework of the Law on Prevention of Laundering Proceeds of Crime.
Finally, the regulations on the transparency of platforms require all transfer transactions to be recorded in accordance with international principles. This obligation increases the traceability of crypto asset transactions and encourages platforms to operate in accordance with international standards. Compliance with the regulations made by the CMB and the Financial Crimes Investigation Board (MASAK) will play an important role in ensuring the auditability and reliability of the platforms.
Crypto Asset Custody Services
The custody of crypto assets and the protection of client assets are critical to the security and stability of the crypto asset ecosystem. The new regulations aim to introduce stronger protection and security measures in this area.
Today, platforms provide their customers with the public keys of their wallet addresses and keep the private keys of these wallets within their own organisation. This means that the control of the wallets is completely in the hands of the platforms. Customers create dematerialised TL and crypto asset balances in exchange for the cash and crypto assets they deposit on the platform, and have the opportunity to transfer these assets to their own wallets outside the platform.
in a platform-controlled wallet. However, customers who want to benefit from price movements quickly usually prefer to keep their assets in platform-controlled wallets.
This preference makes the use of cold wallets restrictive due to the complexity and time-dependency of operational processes. However, holding assets in client-controlled wallets or secure third parties can significantly reduce the risks of misappropriation.
The new regulation introduces important regulations on crypto asset custody services. Mainly, clients are encouraged to hold their assets in their own wallets. However, when this is not possible, certain third parties will need to step in for the purpose of safe custody of assets. At this point, it is envisaged that crypto asset custody services will be provided by banks authorised by the Capital Markets Board (CMB) and approved by the Banking Regulation and Supervision Agency (BRSA) or other institutions determined by the CMB.
In addition to crypto asset custody services within the scope of customer protection and security measures, the new regulation also introduces significant changes regarding the protection of customer assets. With the new regulations, it is envisaged that client cash and crypto assets will be kept separately from the assets of crypto asset service providers. This aims to guarantee that client assets will not be affected by the debts of crypto asset service providers and will be protected in case of financial difficulties of the service provider.
In addition, it is regulated that the cash and crypto assets of the customers cannot be seized, pledged or subjected to precautionary measures due to the debts of crypto asset service providers. This regulation aims to increase customer security by ensuring that customer assets are protected from all kinds of legal and financial risks.
These new regulations on crypto asset custody services and the protection of client assets aim to ensure a more secure and sustainable operation of the crypto asset ecosystem. These regulations will enable crypto assets to be stored and managed in a secure environment, minimising the risks that both clients and crypto asset service providers may face.
Protection of Customer Cash and Crypto Assets: New Regulations and Liability Regime
1. Illegal Activities and Transactions
New regulations have been introduced regarding the illegal activities and transactions of crypto asset service providers (KVHS). Within the scope of these regulations, administrative measures to be applied in case of unauthorized activities and failure to fulfill the obligations of KVHSs have been determined.
• Unauthorized Activities and Measures: Article 96 of the Law determines the measures against the illegal activities of crypto asset service providers, while Article 99 regulates the measures to be taken against organizations providing unauthorized crypto asset services. In addition, the first paragraph of Article 100 determines the regulations regarding the announcements, advertisements and statements of unauthorized providers.
• Failure to Fulfill Obligations: The measures to be applied in cases where KVHSs fail to fulfill their cash payment and crypto asset delivery obligations, as well as announcements, advertisements and announcements made over the internet in violation of the principles and prohibitions determined by the Board, have been explained.
• Investment Consultancy and Portfolio Management: Measures to be applied in case of investment consultancy and/or portfolio management for crypto assets contrary to the principles determined by the Board and in case platforms located abroad operate towards persons located in Turkey have been determined.
2. Prohibition of Exemption from Liability in Contracts Established with Crypto Asset Service Providers
In the last sentence of Article 35/C-(1) of Law No. 6362, it is stipulated that contract terms that eliminate or limit the liability of crypto asset service providers to customers will be invalid. However, according to the general provisions of the Turkish Code of Obligations (TCO), the debtor's exemption from liability can be decided due to slight fault. In other words, exemption agreements regarding the debtor's slight fault are valid. However, if such agreements are authorized by law or authorized authorities and are for the performance of a profession or art requiring expertise, they are absolutely null and void (TCO Art. 115/f. 2). In this case, the judge cannot deem the exemption from liability agreement regarding slight fault valid even by exercising his/her discretion. For crypto asset service providers, the service is performed as permitted by law or authorized authorities.
It should be noted that non-liability records can be regulated not only in individual contracts but also in general transaction conditions. In Turkish law, it is possible to eliminate liability with general transaction conditions; however, in this case, the non-liability record stipulated as a general transaction condition must be subject to inspection. During the content inspection stage, while examining the validity of non-liability records in the general transaction conditions, the mandatory provisions in Article 115 and Article 116 of the TCC should also be taken into consideration. Normally, in each concrete case, the judge will need to conduct a content inspection and evaluate whether these records are valid. However, with this regulation made in the CMB, a different approach has been adopted regarding this inspection.
3. Fault-Based and Strict Liability of Crypto Asset Service Providers (KVHS)
The legal and criminal liabilities of crypto asset service providers have been clearly determined in terms of various acts and situations with the legislative amendments. First, let's focus on legal liability:
In the 3rd paragraph of Article 99/B of the CMB, it is regulated that KVHSs will be held responsible for damages arising from their failure to fulfill their cash payment and/or crypto asset delivery obligations. However, in order for this liability to arise, KVHS must cause damage through an unlawful activity. Here, when the cash payment and/or crypto asset delivery obligation is an obligation towards the customer under the contract between the crypto asset service provider, there is a contractual liability. In this context, KVHSs can be held responsible if there are elements of an unlawful act, damage, causal link and fault.
When we consider why the legislator holds KVHSs responsible only for unlawful acts, the following reasons come to the fore:
- KVHSs may face requests such as blocking access to crypto assets or freezing assets within the scope of their obligations determined by MASAK.
- In order to prevent the commission of financial crimes, KVHSs may, when deemed necessary, restrict or block access to cash or crypto assets belonging to customers.
- Due to slowdowns or technical problems experienced in crypto asset networks traded on international platforms, there may be delays in transactions involving the transfer of assets that customers want to withdraw to their crypto asset wallets.
- In the event that cash or crypto assets in the customer account are stolen as a result of the customer being exposed to fraud or social engineering techniques without the fault of KVHS, it may not be possible to return these assets to the customer despite the customer's request.
As seen in these examples, KVHSs have not been held responsible for damages incurred due to the activities of their customers or third parties.
Another provision regulating the legal liability of KVHSs is included in the 4th paragraph of Article 99/B. Crypto asset service providers are held responsible for crypto asset losses arising from acts such as the operation of information systems, all kinds of cyber attacks, information security violations or any behavior of personnel within the scope of Article 71 of Law No. 6098. In this context, as per the reference made in the Capital Markets Law, the provisions regarding Danger Liability regulated in the Turkish Code of Obligations are applicable to the torts of crypto asset service providers.
Article 71 of the Turkish Code of Obligations No. 6098 regulates danger liability. Danger liability is a type of liability independent of fault and is accepted as the most severe type of strict liability. The legislator has evaluated KVHSs in the category of enterprises that carry their own unique dangers by introducing a regulation that KVHSs will be responsible for crypto asset losses regardless of whether they are at fault or not. Therefore, in incidents such as cyber attacks and information security violations, KVHSs are held responsible for the damages that occur within the scope of danger liability even if they are not at fault. The fact that crypto asset service providers are positioned and held responsible just like a nuclear power plant operation reveals how “dangerous” the legislator views crypto asset activities. However, losses incurred in cases such as interruptions in services provided without the fault of crypto asset service providers, temporary inability to transmit orders or inability to make transactions/transfers are excluded from the scope of this paragraph.
4. Legal and Criminal Liability of Crypto Asset Service Provider Members
With the amendment made to the Capital Markets Board (CMB), the criminal liabilities of employees of these organizations as well as crypto asset service providers have been regulated. In the event that crypto asset service provider employees commit embezzlement, imprisonment and fines have been foreseen for the chairmen and members of the board of directors and other members, and it has also been regulated that their personal bankruptcy can be decided by the court for compensation of damages.
According to the first paragraph of Article 110/A of the CMB, it is defined as the crime of embezzlement for employees of crypto asset service providers to transfer money, documents that replace money, promissory notes, other goods or crypto assets that are entrusted to them due to their duties or that they are obliged to protect, keep and supervise into their own or someone else's account. It has been ruled that employees of crypto asset service providers who commit this crime will be subject to imprisonment from eight to fourteen years and a judicial fine of up to five thousand days.
Legal liability for embezzlement is regulated in the first paragraph of Article 110/B of the CMB. It is foreseen that the chairman and members of the board of directors and other members who are found to have made decisions and transactions considered as embezzlement, and the real person partners who have legal or actual management or control, will be primarily responsible for the amount determined to have been embezzled, limited to the damages they have caused to their customers. Upon the request of the Board, the court may decide on the direct personal bankruptcy of the employees of crypto asset service providers, and if it is determined that these decisions and transactions were made for the purpose of providing benefits to third parties, the persons providing the benefits will also be held responsible for the amount of the benefits they have provided. In addition, within the scope of the third and fourth paragraphs of Article 99/B of the law, which is addressed under the title of liability of crypto asset service providers, it is regulated that employees will be held responsible for situations such as “failure to fulfill cash payment and/or crypto asset delivery obligations” and “crypto asset losses arising from acts such as the operation of information systems, cyber attacks, information security violations or the behavior of personnel” resulting from illegal activities, in accordance with the personal liability provisions regulated in Article 110/B. However, this liability will come into play if the damage cannot be compensated from the crypto asset service providers or if it is clearly obvious that it cannot be compensated. In any case, the liability of employees will be limited to the damages and losses that can be attributed to them, to the extent of their faults and the requirements of the situation.
5. Administrative and Judicial Requests Regarding Cash and Crypto Assets
New regulations have been introduced regarding the fulfillment of administrative and judicial requests such as precautions, seizures and similar measures regarding cash and crypto assets:
• Inquiry and Seizure via Information Systems: Inquiry and electronic seizure of cash and crypto assets belonging to customers will be provided via information systems.
• Tax and Public Receivables: It is intended that the follow-up of taxes, penalties and other public receivables of state and local governments will be carried out in accordance with the provisions of Law No. 6183.
Conclusion
The amendments made to the Capital Markets Law regarding crypto assets in Turkey aim to regulate the crypto asset ecosystem, protect investors and also bring trust and transparency to the sector. Indeed, establishing a clearer legal framework for crypto assets and crypto asset service providers is an important and necessary step. Many countries around the world are following a similar approach.
With the amendments to the Capital Markets Law and the subsequent documents and notifications prepared by the CMB, important obligations such as licensing, capital adequacy and protection of customer rights have been introduced for crypto asset service providers. Although it is a necessity to provide certain minimum conditions for the purpose of protecting investors and to hold persons operating in the ecosystem accountable for their unlawful behaviour, the legal and criminal liabilities foreseen for crypto asset service providers and their members are quite heavy. Here, it is seen that a heavy liability structure has been created even from other financial institutions, such as banks. An important point to consider is that secondary regulations regarding the crypto asset ecosystem have not yet been made. In this context, the regulations to be prepared by both the CMB and TÜBİTAK and expected to be completed by the end of this year will create a clearer picture of the course of the crypto asset ecosystem in Turkey as we enter 2025.