Communiqué Amending the Communiqué on Remote Identity Verification Methods and Establishment of Contractual Relationship in Electronic Environment for Brokerage Houses, Portfolio Management Companies and Crypto Asset Service Providers (III-42.1.a)
AI-generated summary for informational purposes only. Not legal advice. See the original source for the authoritative text.
This Turkish Capital Markets Board communiqué, published on 28 February 2026, expands the scope of the original 2022 regulation (III-42.1) to explicitly include crypto asset service providers alongside brokerage houses and portfolio management companies. It updates procedures for remote identity verification (including video calls and liveness detection) and the establishment of electronic contracts that replace written forms. The changes strengthen risk assessment before video verification, mandate live-personnel involvement with specific training, require AI-based methods to follow MASAK guidelines, and impose stricter system security and periodic review obligations. Entities must now perform risk scoring via electronic forms, conduct liveness checks, obtain verbal confirmation at the end of video sessions, and apply enhanced monitoring to remotely verified customers.
AI-generated summary. May contain errors. Refer to official sources for legal decisions.
Key Changes
- Expanded scope to include crypto asset service providers (platform operators, custody providers, and initial sale/distribution entities)
- Mandatory electronic form and risk assessment before initiating video call; process may be terminated without video if risk is high
- Remote identity verification procedures must be reviewed at least twice per year and additionally upon security breaches, fraud awareness or regulatory changes
+ 3 more changes with Pro
Obligations
What this law requires
Brokerage houses, portfolio management companies, and crypto asset service providers must perform risk assessment of applicants using electronic forms before initiating video verification calls, with minimum data requirements per MASAK General Communiqué (No: 19) Article 6(1)
Personnel conducting remote identity verification must receive training to determine with certainty that individuals voluntarily request to become customers or use services, and must be trained on fraud and forgery indicators
Remote identity verification procedures must be documented in a business workflow procedure, tested for effectiveness with written results recorded, and not implemented unless testing is successful
Remote identity verification procedures must be reviewed at least twice annually, and additional reviews must be conducted when security breaches occur, relevant regulations change, fraud risks emerge, or weaknesses in the method are discovered
Liveness detection methods must be used during video call verification, and additional measures must be implemented to prevent synthetic face technology risks