CRYPTO ASSET LAW PASSED IN TBMM

6362 numbered Capital Markets Law (“Law”), which was submitted to the parliament as the Legislative Proposal on Amendments to the Capital Markets Law (“Law”), entered into force after being published in the Official Gazette dated 02.07.2024. With the adoption of the draft law, the first legal regulation on crypto assets was made in Turkey.

Within the scope of the Law, the authority to regulate the crypto asset area was given to the Capital Markets Board (“Board”) and it was regulated that Crypto Asset Service Providers (“CVSPs”) (platforms, crypto asset custody service providers and other institutions designated to provide services related to crypto assets, including the initial sale or distribution of crypto assets in the regulations to be made based on this Law) must obtain a license from the Board in order to be established and provide services. The principles regarding the partners, managers, personnel, organisation, capital and capital adequacy, liabilities, information systems and technological infrastructures, share transfers, activities they can carry out, temporary or permanent suspension, and the secondary regulations that they must comply with will be determined by the Board until 02.01.2025.

Another important title within the scope of the Law is the regulation of the requirement to obtain permission from the Board in case the companies providing Crypto Asset Services transfer their shares. This issue also covers organisations operating as CSDs on 02.07.2024, the effective date of the Law, and transfers made in violation of the specified regulations will not be registered in the share ledger and will be deemed null and void.

Within the scope of the Law, CSDs are obliged to make the necessary arrangements, take the necessary measures and establish the necessary internal control units and systems for the secure management of their systems. In relation to the establishment and/or commencement of operations of CSDs, their compliance with the criteria to be determined by the Scientific and Technological Research Council of Turkey (“TÜBİTAK”) will be sought.

As with other regulated financial institutions, the new regulation has introduced certain rules for the shareholders of companies providing Crypto Asset Services. These rules are as follows; the shareholders should not be bankrupt, should not have declared concordat, should not have a restructuring application approved through reconciliation or a decision to postpone bankruptcy, should not have a final conviction for the offences specified in the Law, should have the necessary financial strength, honesty and reputation required by the business, and should have a transparent and open partnership structure.

In addition, although the Board is authorised to regulate the procedures and principles regarding the trading, clearing, transfer and custody of crypto assets through CSDs and to impose measures and sanctions, the opinion of the Banking Regulation and Supervision Agency (“BRSA“) will also be required for the obligations to be imposed on banks.

The Law also stipulates that any contractual terms that eliminate or limit the liability of CSDs towards their customers shall be invalid and effective mechanisms shall be established to resolve customer complaints quickly.

In addition, activities carried out by non-resident CSDs for Turkish residents will be deemed as unauthorised cryptoasset services. These service providers will be deemed to be providing unauthorised cryptoasset services to Turkish residents if they open a workplace in Turkey, create a website in Turkish, and engage in promotional and marketing activities directly and/or through persons or institutions residing in Turkey.

Another important authorisation granted to the Board is that if the Board determines that the PDPPs cannot or will not fulfil their financial obligations, the Board may request the PDPPs to strengthen their financial structures within an appropriate period of time not exceeding 3 months or temporarily suspend the services provided by the PDPPs without giving any period of time. The Board also has the right to restrict the signature authorisations of a manager or employee whose fault is detected.

Members of the Board of Directors of companies providing Crypto Asset Services may be sentenced to imprisonment from eight to fourteen years and a judicial fine of up to five thousand days if they embezzle for themselves or someone else the documents and securities that are equivalent to money and crypto assets entrusted to them due to their duties and which they are obliged to supervise.

The Board’s Announcement on Crypto Asset Service Providers (“Announcement”) published on 2 July 2024 contains important information on CSPs. The trading, clearing, settlement, transfer and custody services of crypto assets, as well as the custody and management of private keys will be considered within the scope of the Law when performed commercially or professionally.

Existing crypto asset service providers must apply to the Board until 02.08.2024 and obtain an operating permit or liquidation decision with the necessary documents. Institutions that have decided to liquidate must complete this process until 02.10.2024 and notify customers.

Non-resident crypto asset service providers must terminate their activities in Turkey until 02.10.2024 at the latest. Those who continue to operate after this date will be subject to criminal penalties. In addition, the activities of ATMs and similar electronic devices used for crypto asset transactions must also be terminated by the same date. The applications submitted to the Board will be announced on the website if they are complete and sufficient, and incomplete or insufficient applications will not be included in the list. Persons engaging in unauthorised PDPHS activities may be sentenced to imprisonment from three to five years and a judicial fine from five thousand days to ten thousand days.

GRC LEGAL Comment

After the incidents in the Crypto Asset sector in our country and in the world in the past, which resulted in thousands of people becoming victims, the legal regulation, which was necessary to be made, finally entered into force and the first step was taken in our country in this context. Although it is foreseen that many additional regulations may be needed with the dynamics of the sector over time, the regulation on KVHSs has a very important place in our country as it is the first step taken in this regard. The crypto asset sector is a sector that has developed with technology and has become quite widespread today, and due to the nature and volume of the market, it is an area where cyber attacks and fraudulent activities are very common. For this reason, it is extremely important for the financial security of citizens to adopt certain regulations, rules and, if necessary, legislative principles where sanctions will be applied.

In addition, within the scope of the regulation, we believe that the obligation of KVHSs to comply with the infrastructure and information technology criteria to be determined by TÜBİTAK, the introduction of conditions for the Companies providing Crypto Asset Services and the Boards of Directors of these Companies, and the criteria to be introduced by the Board will increase confidence in the sector and reduce victimisation.