Home arrow News arrow A New Era in MASAK Legislation: Principles Established for Remote Identity Verification of Non-Turkish Natural Persons Using Passports

A New Era in MASAK Legislation: Principles Established for Remote Identity Verification of Non-Turkish Natural Persons Using Passports


A.   Introduction

The “Communiqué Amending the Financial Crimes Investigation Board General Communiqué (Serial No: 19) (Serial No: 32)” (“Amendment Communiqué”), prepared by the Ministry of Treasury and Finance, was published in the Official Gazette dated 27 June 2026 and numbered 33293, and entered into force on the same date. The Amendment Communiqué introduced various amendments to the Financial Crimes Investigation Board General Communiqué (Serial No: 19) (“Communiqué”), published in the Official Gazette dated 30 April 2021 and numbered 31470.

The full text of the Amendment Communiqué is available here.

B.   Background to the Amendments

Under the existing provisions of the Communiqué, the remote identity verification mechanism was regulated exclusively for Turkish natural persons, and there was no provision allowing this method to be used for foreign natural persons.

The Amendment Communiqué removes this restriction and enables obliged parties to onboard non-Turkish natural persons, as well as foreign natural persons authorized to represent legal entities registered with the trade registry, through remote identity verification by means of passports that comply with the International Civil Aviation Organization’s (“ICAO”) Doc 9303 standard and have near-field communication (“NFC”) functionality.

C.   Principles Regarding Remote Identity Verification of Non-Turkish Natural Persons Using Passports

Article 4/C, added to the Communiqué by the Amendment Communiqué, comprehensively regulates the procedures and principles for the remote identity verification of non-Turkish natural persons. In this context, the key provisions are summarized below:

  (i)      Mandatory Video Call and Artificial Intelligence Applications

Remote identity verification is carried out through a video call by personnel who have received specialised training on remote identity verification using passports. This requirement does not prevent the use of artificial intelligence-based applications that meet the conditions set out in the ninth paragraph of Article 4 of the Communiqué for the purposes of liveness testing or photo comparison.

        (ii)        Mandatory Verification via NFC

The identity information contained in the passport chip must be matched with the information on the passport using NFC. If such verification cannot be performed, a business relationship may not be established through remote identity verification.

       (iii)       Verification of Compliance with the ICAO 9303 Standard

The necessary checks are carried out to verify that the passport used for remote identity verification complies with the ICAO Doc 9303 standard. The principles set out in Article 4/A of the Communiqué for identity documents — except for the obligation to verify through the identity sharing system — also apply to passports, unless otherwise provided.

       (iv)        Obligation to Capture Images

During the video call process, images must be captured showing the person and the information on the passport presented by the person.

        (v)        Address Verification Obligation

The address information obtained within the scope of remote identity verification must be verified, under a risk-based approach and within three months at the latest, through a certificate of residence, an invoice issued in the relevant person’s name within three months prior to the transaction date for address-based subscription services such as electricity, water or natural gas, a document issued by any public institution, or the public databases of the relevant country. Money transfers and cash withdrawals may not be carried out until address verification is completed.

       (vi)        Assessment of Technical Data

Technical data obtained from the electronic environment through which the transaction is conducted during the remote identity verification process, such as IP/port information, device identity, geolocation, browser information and similar data, together with the information in the passport, are assessed under a risk-based approach. If any circumstance giving rise to suspicion is identified, the remote identity verification process is terminated immediately.

      (vii)       Application to Legal Entities

In the remote identity verification of legal entities registered with the trade registry, the identity verification of the non-Turkish natural person authorized to represent the legal entity may also be carried out under the same principles, provided that the information required for persons authorized to represent, as set out in the first paragraph of Article 7 of the Regulation on Measures Regarding the Prevention of Laundering Proceeds of Crime and Financing of Terrorism (“Regulation”), is obtained.

D.   Risk Management, Monitoring and Control Obligations

The Amendment Communiqué introduces various obligations for obliged parties that must be fulfilled before commencing customer onboarding under this amendment and throughout the process. In this context, the key obligations are summarized below:

         (i)         Implementation Guide and Institutional Policies

Obliged parties are required to prepare an implementation guide regarding customer due diligence, risk management, monitoring and control activities in relation to customers to be acquired under the Amendment Communiqué. Obliged parties that are required to establish a compliance program must also include these measures in their institutional policies and procedures.

        (ii)        Exclusion of Citizens of High-Risk Countries

Obliged parties may not onboard citizens of countries they have identified as high-risk as customers through the remote identity verification method using passports.

       (iii)       Notification Obligation to the Presidency

Within one month following the commencement of customer onboarding, the measures taken and the procedures and guides prepared must be notified to the Financial Crimes Investigation Board Presidency (“Presidency”).

       (iv)        Quarterly Statistical Reporting

Statistical information regarding customers accepted under the Amendment Communiqué must be submitted to the Presidency during the last month of each calendar quarter.

E.   High-Risk Customer Status and Additional Measures

Customers onboarded through remote identity verification using passports are assessed within the high-risk group under the Communiqué and are subject to monitoring and control measures appropriate to this status, in addition to the measures set out in Article 6 of the Communiqué and Article 26/A of the Regulation. The main additional measures envisaged in this respect are as follows:

         (i)         Identity Verification Through a Bank Account

For the purpose of verifying identity information, a money transfer must be made from a bank account held domestically or abroad, or from a debit or credit card, that is consistent with the customer’s identity information. It must also be checked that the identifying information in the messages generated for the money transfer matches the information obtained from the customer within the scope of remote identity verification for the opening of the account. This transfer and verification process must be completed before any other transaction is carried out through the customer account. If this process is not completed within the reasonable period to be determined by the obliged parties in their procedures and guides, the obliged party is required to terminate the business relationship and assess whether a suspicious transaction report should be filed.

        (ii)        Money Transfer Restrictions

Only money transfers from bank accounts opened abroad in the person’s own name may be sent to the account opened through remote identity verification. Transfers of funds abroad from such account may also be made only to bank accounts opened in the name of the relevant person. However, if face-to-face identity verification is conducted with such persons, transactions may be carried out without being subject to cash withdrawal or money transfer restrictions.

       (iii)       Rule on Cash Transactions

If cash deposit or withdrawal transactions are carried out from the account of a customer with whom a business relationship has been established within the scope of remote identity verification, obliged parties must pay special attention to such transactions, take the necessary measures to obtain sufficient information regarding the purpose of the transaction, and retain the information, documents and records obtained in this context so that they can be submitted to the competent authorities upon request.

       (iv)        Determination of Turkish Citizenship or Taxpayer Status

If it is understood that a non-Turkish natural person whose identity has been verified by passport within the scope of remote identity verification has acquired Turkish citizenship or has become a taxpayer in Türkiye, a copy of the Republic of Türkiye Identity Card or the tax identification number is obtained electronically and associated with the customer information.

F.   Other Amendments

Other amendments introduced by the Amendment Communiqué include the update of the definition of “financial institution” to refer to the relevant subparagraph of the Regulation, the inclusion of crypto asset service providers within the scope of Article 5/A in addition to portfolio management companies, and the expansion of the definition of obliged party in the third paragraph of Article 6 of the Communiqué through the use of the term “Obliged Parties.”

G.  Conclusion

The possibility of remote identity verification using passports introduced by the Amendment Communiqué should be regarded as more than a mere AML/CFT compliance update. Enabling non-Turkish natural persons and foreign natural persons authorized to represent legal entities registered with the trade registry to be included in the financial system without applying to a physical branch constitutes a structural change that directly affects Türkiye’s capacity to acquire international customers through digital channels. When considered together with developments in the payment and electronic money sector, the diversification of products in capital markets, and the shaping of the regulatory framework for crypto asset services, this step has the potential to strengthen Türkiye’s infrastructure on its path to becoming a regional financial services hub.

The regulation is capable of creating concrete impact in multiple areas, such as accelerating foreign investors’ digital access to capital markets accounts, enabling Türkiye-based fintech institutions to expand their cross-border user base, and allowing crypto asset service providers to grow their international customer portfolios.

In this context, the Amendment Communiqué dated 27 June 2026 represents a critical threshold for Türkiye in terms of safely integrating foreign natural persons into the financial system through digital channels. The full realization of the potential envisaged by the regulation will depend on ensuring sectoral compliance, completing technical preparations, and building operational capacity.