Legal Landscape of FinTech in Türkiye: Trends and Transformations in 2025

Overview

In 2025, Türkiye’s fintech ecosystem underwent a transformative year, defined by the establishment of a comprehensive secondary regulatory framework for crypto assets, significant advancements in open banking and digital payment infrastructure, and continued progress on the Digital Turkish Lira project. Building on the crypto assets legislation enacted in 2024 through amendments to the Capital Markets Law No. 6362, the Capital Markets Board (CMB) introduced a full suite of communiqués governing the establishment, operation, capital adequacy, and information systems requirements of crypto asset service providers, marking the transition from primary legislation to an operational regulatory regime.

The Central Bank of the Republic of Türkiye (CBRT)’s Digital Turkish Lira project progressed into its second phase, with the Second Phase Progress Report published in November 2025 outlining key advances in programmable payments and offline payment capabilities via smart cards. Looking ahead, the 2026 Presidential Annual Programme confirms that work on the legal regulations necessary for the introduction of the digital Turkish lira will be undertaken in 2026.

Türkiye demonstrated a significant appetite for banking services, with a total of 142.1 million credit cards[1], 1.8 million POS devices, and 56,514 ATMs.[2]

The Finance Office of the Presidency of the Republic of Türkiye released its statistics highlighting the growth of the country’s fintech sector. By October 2025, $201.3 million had been invested in fintech companies. Among the most notable fintech investments of 2025 were Midas ($80 million), Sipay ($78 million), Fimple ($12 million), Goldtag ($10 million), and Valenspara ($8.1 million), representing key verticals ranging from digital payments to AI-powered security solutions[3]. Key areas shaping Türkiye’s fintech landscape in 2025 include the operationalization of the crypto asset regulatory framework; the expansion of open banking and API standardization; the maturation of digital payment infrastructure through FAST TR QR codes and increased mobile payment limits, crowdfunding, and the continued development of the Digital Turkish Lira. As Türkiye advances its digital financial infrastructure and aligns its regulatory framework with international standards, the country is well positioned to consolidate its role as a leading fintech hub in the region.

Crypto Assets

The most significant regulatory development in the crypto asset domain in 2025 was the introduction of a comprehensive secondary regulatory framework on operations and the establishment of crypto asset service providers under the Crypto Assets Law that entered into force in 2025. The key legislative developments are as follows:

• The Communiqué on Operating Procedures and Principles and Capital Adequacy of Crypto Asset Service Providers (No. III-35/B.2), published in the Official Gazette dated 13.03.2025 and numbered 32840, established the full regulatory framework governing the activities of crypto-asset service providers. The communiqué permits platforms to engage in order receipt and execution, clearing and transfer transactions, intermediation in the initial sale or distribution of crypto assets, custody and management of crypto assets or private keys, and investment advisory services related to crypto assets, subject to CMB authorization. The minimum initial capital requirement was set at TRY 150 million for platforms and TRY 500 million for depository institutions. At least 95% of customer crypto assets not held in customers’ own wallets must be kept with depository institutions, with a maximum of 5% retained in platform wallets and an intraday cap of 10% on customer crypto assets held in platform wallets.
• The Communiqué on the Procedures and Principles Regarding the Establishment and Operation of Crypto Asset Service Providers (No. III-35/B.1), published in the Official Gazette dated 13.03.2025 and numbered 32840, set out the conditions for the establishment, commencement of operations, and ongoing activities of crypto-asset service providers. Providers must be incorporated as joint stock companies with registered shares issued against cash consideration, maintain a transparent shareholding structure, and ensure that their articles of association and founders comply with capital markets legislation. Platforms are additionally required to include the phrase “crypto asset trading platform” in their trade names, enter into an agreement with at least one depository institution, open dedicated bank accounts for customer cash balances, and establish a compliant price surveillance mechanism. Pursuant to the transitional provisions, platforms included on the actively operating institutions list are required to apply for an operating license by 30.06.2025, obtain an authorization certificate by 30.06.2026, and enter into a depository agreement by 31.12.2025. The deadline for the submission of independent information systems audit reports was subsequently extended to 31.12.2025 by a CMB decision dated 05.09.2025, and the deadline for platforms to submit depository agreements within the scope of operating license applications was further extended to 31.03.2026 by a CMB decision dated 04.12.2025.
• The Communiqué (No. III-62.2.b) and the Communiqué on Information Systems Management (No. VII-128.10), both published in the Official Gazette dated 13.03.2025 and numbered 32840, extended the information systems audit and management framework to crypto asset service providers. Crypto-asset service providers are required to undergo an independent information systems audit on an annual basis and to comply with the information security criteria set by TÜBİTAK with respect to their information systems and technological infrastructure. Both communiqués entered into force on 30.06.2025. Accordingly, under its transitional provisions of the Communiqué on Information Systems Management (No. VII-128.10), crypto asset service providers must comply with the rules on the resilience of information systems, including the obligation to maintain primary and secondary systems in Türkiye, by the end of 2025, and with the requirements on internal audits by licensed information systems auditors by the end of 2026, while entities other than crypto asset service providers must comply with the latter requirement by the end of 2026 and with the remaining provisions by the end of 2025.
• The CMB published Principle Decision No. i-SPK.35/B.2 on 08.05.2025, establishing the framework for proof of reserves audits to be conducted by authorized information systems auditors. Such audits must be carried out on a quarterly basis, covering crypto assets representing at least 80% of total customer balances, with 100% verification of all assets within scope.

Anti-Money Laundering and Counter-Terrorism Financing

In 2025, several amendments were introduced to Türkiye’s anti-money laundering (AML) and counter-financing of terrorism (CFT) regulatory framework, with a particular focus on crypto-asset service providers. The MASAK General Communiqué (Serial No. 28), published in the Official Gazette dated 12.06.2025, extended remote customer identification requirements to crypto asset service providers, mandating verification of customer address information, name, surname, date of birth, and Turkish identity number through the identity sharing system database of the General Directorate of Population and Citizenship Affairs. The MASAK General Communiqué (Serial No. 29), published in the Official Gazette dated 28.06.2025, introduced enhanced customer due diligence measures applicable to crypto asset service providers, including mandatory waiting periods of at least 48 hours and 72 hours for first-time transactions for crypto asset withdrawal transfers; daily and monthly withdrawal limits of USD 3,000 and USD 50,000 respectively, for stable-value crypto assets; and a minimum 20-character transaction description requirement for all crypto asset transfers.

The CMB’s secondary legislation on crypto asset service providers, published on 13.03.2025, also included explicit references to compliance with Law No. 5549 on the Prevention of Laundering Proceeds of Crime and Law No. 6415 on the Prevention of Financing of Terrorism within the licensing and operational framework applicable to crypto platforms and depository service providers.

In addition to these regulatory amendments, MASAK updated and published various sector-specific guidance documents in 2025 to enable obliged entities to fulfil their compliance obligations more effectively. These included updated versions of the Suspicious Transaction Reporting Guidelines, the Crypto Asset Service Providers Guide, the Tightened Measures Guidelines, and the Financing of Terrorism Guidelines. All these guides are grounded in a risk-based approach aligned with FATF standards, incorporating differentiated obligations according to sector and customer risk profile, alongside updated typologies and red flag indicators. The Crypto Asset Service Providers Guide is particularly noteworthy, as it establishes a comprehensive framework specific to this sector, covering customer due diligence, the Travel Rule[21], and on-chain transaction monitoring obligations.

Regarding electronic reporting processes, MASAK announced the transition to the MASAK Online 2.0 system in 2025. This new platform enables all electronic notifications, most notably suspicious transaction reports, to be submitted through a single centralized system, supports API integration for large-scale obliged entities, and enhances reporting quality through automated pre-validation mechanisms. In parallel, the “Strategy Document on Enhancing Effectiveness in Combating the Financing of the Proliferation of Weapons of Mass Destruction (2025–2029)” was adopted pursuant to the Presidential Circular dated 29 March 2025. This strategy document sets out a five-year action plan aimed at ensuring the effective implementation of targeted financial sanctions under UN Security Council resolutions, completing the national risk assessment for proliferation financing, and strengthening public private sector cooperation, representing a clear institutional commitment on the part of Türkiye to countering proliferation finance.

Payment Services

The compliance deadline for payment service providers to fulfill their obligations as Account Service Providers (ASPs) under the open banking framework was extended from 31.03.2025 to 31.12.2025. The scope of ASPs was also redefined: payment service providers that are FAST system participants, as well as non-FAST participants ranking in the top ten by payment volume for the relevant year, will be eligible to act as ASPs. Furthermore, the deadline for payment service providers already offering digital wallet services without an operating license to apply to the CBRT and obtain the necessary authorization was similarly extended to 31.12.2025.
In 2025, five companies were granted licenses to operate as electronic money institutions or payment institutions. Six companies had their existing licenses expanded to include additional payment services. On the other hand, one company’s operating license expired, and eight companies had their operating licenses revoked[22].

Payment Institutions Granted an Operating Licence in 2025

Payment Institutions Granted an Expanded Operating Licence in 2025

Crowdfunding Platforms

The “Communiqué on Crowdfunding” issued by the CMB regulates the principles and procedures applicable to equity-based and debt-based crowdfunding activities. Crowdfunding is an investment model created to meet the financing needs of startups that want to produce products and services. Platforms intermediate crowdfunding based on equity and/or debt and provide services in an electronic environment. Platforms must be listed by the CMB to engage in crowdfunding activities.

In 2025, the implementation of the Communiqué on Crowdfunding was further clarified through the determination of standard information forms to be disclosed on campaign pages. Following a public consultation process initiated by the CMB on 31.05.2025, the CMB announced in its Bulletin dated 23.12.2025 (No. 2025/65) that the final standards applicable to the crowdfunding information forms were determined and published on its official website. These standards apply to both equity-based and debt-based crowdfunding campaigns and set out the mandatory content to be disclosed by entrepreneurs and startup companies during the fundraising process.

In 2025, the platforms listed by the board to operate in crowdfunding activities are as follows:[23]

Developments in Digital Turkish Lira

Digital money is the digital form of the currency issued by a country’s central bank, which can be used as legal tender in both domestic and international payments. The digital Turkish lira is not a separate currency from the Turkish lira, it is simply its digital form, carrying the same value as all other forms of the Turkish lira, such as banknotes and book money. 

The CBRT’s Digital Turkish lira project aims to build an infrastructure for innovative payment use cases and strengthen financial inclusion. Following the First Phase Evaluation Report published at the end of 2023, second-phase activities commenced with the focus shifting to maturing the prototype into a minimum viable product and integrating financial intermediaries into the system. In November 2025, the CBRT published its Digital Turkish Lira Second Phase Progress Report[24], outlining advances across several key areas:

• Programmable Payments: CBRT developed a system enabling individuals and legal entities to execute instant, scheduled, and conditional payments based on pre-defined criteria, integrated with digital identity and tokenized asset systems. The system is built around payment templates and payment packages, which allow flexible, rule-based payment flows that automate financial processes and reduce operational burdens for both individuals and institutions.
• Offline Payments: In the area of programmable payments, On the offline payments front, the CBRT worked toward enabling digital Turkish lira transactions without any internet or mobile network connection, so as to mirror the experience of cash payments and promote financial inclusion, particularly in rural areas or during service disruptions such as natural disasters. Smart cards were identified as the preferred hardware solution due to their low cost, established security standards, and widespread existing use.
• Interoperability and Integration: Financial intermediary institutions will be integrated into the Digital Turkish Lira System via the Service Layer, through which know-your-customer processes, user verification, and digital Turkish lira transactions will be executed. The CBRT also published a call for ecosystem participation, inviting finance and technology sector organizations to develop innovative use-case scenarios and projects, with the aim of establishing the digital Turkish lira as a significant component of Türkiye’s fintech ecosystem.
• Digital Identity and Cross-Border Payments: The second phase adopted the Self-Sovereign Identity (SSI) model via TÜBİTAK’s SSI Türkiye Platform, under which no personal data is stored within the platform. On cross-border payments, a proof-of-concept study was conducted on the use of digital currencies in local-currency transactions over a closed distributed ledger network using smart contracts, with the shared platform expected to simplify transaction flows, increase transparency, and reduce settlement times and costs.

Once the second phase is complete, should a decision be taken to put the digital Turkish lira into circulation, the aim is to proceed to a third phase in which relevant processes, including legislative arrangements, will be carried out. In line with this, the 2026 Presidential Annual Programme[25] confirms that work on the legal regulations necessary for the introduction of the digital Turkish lira will be undertaken in 2026, alongside the completion of simulation studies on the adoption impact of digital money within the CBRT, and proof-of-concept work on the use of the CBDC in the settlement of tokenized securities.

Open Banking

Open banking has continued to advance in Türkiye in 2025, with the implementation period for regulatory obligations introduced in prior years, including those relating to digital wallets and API standardization, coming into full effect. The most significant development was the amendment to the Regulation on Payment Services, prepared by the CBRT and published in the Official Gazette on 28 March 2025.

The amendment introduced important clarifications regarding the scope of open banking obligations. Previously, all payment service providers holding payment accounts potentially related to open banking services, including payment initiation and account information services, were required to connect to the BKM and provide the necessary infrastructure to other authorized providers. Under the amended Regulation, these obligations now apply specifically to providers that also offer their customers direct online access to their payment accounts. Additionally, subject providers must be participants in the FAST. Among non-FAST participants, only those ranking in the top ten by payment volume, based on the preceding calendar year’s transactions, remain within scope.

In parallel, CBRT published an amendment to the Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services in the Official Gazette on 28.03.2025. The amendment regulated the obligations applicable under the data sharing services framework for payment service providers holding payment accounts that are required to connect to the BKM API Gateway and provide the necessary infrastructure. FAST participants and non-FAST participants ranking among the top ten in terms of payment volume for 2024 are required to fulfill these obligations by 31.12.2025, while those ranking among the top ten in subsequent years are required to comply by the end of the relevant year.

With these obligations now in force, further API standardization and the growth of third-party provider (TPP) services are anticipated in 2026, alongside closer regulatory scrutiny of compliance. Data security and user privacy are expected to remain central areas of discussion as the ecosystem matures.

You can download PDF version of the report here.