Turkey's Law No. 5549 on Prevention of Money Laundering

Law No. 5549 — formally the Law on Prevention of Laundering Proceeds of Crime — is Turkey's foundational AML/CFT statute. Published in the Official Gazette (No. 26323) on 11 October 2006, it created the Financial Crimes Investigation Board (MASAK), defined the regulated-entity framework, established customer due diligence obligations and built the suspicious transaction reporting mechanism. This article walks the statute article by article, showing the operational impact each provision carries — which everyday compliance workflow each clause translates into.

Context

Law 5549 replaced Law No. 4208 on the Prevention of Laundering of Money (1996). The change was driven by FATF mutual evaluation findings and EU accession pressure. The post-2006 Turkish AML framework brought:

• A broader regulated-entity definition (extending from classic financial institutions to professional service providers),
• A modernised STR mechanism,
• Clear MASAK supervisory and administrative-fine authority,
• A risk-based approach aligned with FATF Recommendations.

The statute becomes operational through three secondary instruments:

1. The Regulation on Measures to Prevent the Laundering of Proceeds of Crime and the Financing of Terrorism (2008) — the framework regulation.
2. MASAK Communiqués (Sıra No. 1-19+) — compliance officer, internal controls, training, STR format, etc.
3. Sectoral regulator communiqués (BDDK, SPK, CBRT) — sector-specific.

Article-by-article walkthrough

Article 1 — purpose and scope

Purpose: prevent the laundering of proceeds of crime, set out the necessary measures, establish MASAK and define its duties. Scope: all regulated entities in Turkey, and transactions occurring in or directed at Turkey.

Article 2 — definitions (regulated entity)

The regulated-entity definition is the statute's backbone. Article 2 enumerates (summary):

• Banks,
• Insurance, reinsurance and pension companies,
• Capital markets firms,
• Investment trusts,
• Factoring, financial leasing and financing companies,
• Authorised currency exchange offices,
• Postal and courier providers (for remittances),
• Precious metal, stone and jewellery intermediaries,
• Second-hand motor vehicle dealers,
• Real estate intermediaries,
• Gambling and betting operators,
• Lawyers (for specified transactions),
• Independent accountants and sworn financial advisors,
• Payment and electronic money institutions,
• Crypto asset service providers (added by Law No. 7518),
• Savings finance companies,
• Asset management companies.

The full list lives in Article 2 plus current secondary instruments.

Article 3 — identity verification

Regulated entities must verify the identity of any person seeking to establish a business relationship or carry out a one-off transaction. This is the foundation of the customer due diligence (CDD) obligation. Articles 5-25 of the Regulation set the detail:

• Continuous business relationship: ID mandatory regardless of amount.
• One-off transaction: ID required above 75,000 TRY.
• Cross-border electronic transfers: originator/beneficiary information travels.
• High-risk circumstances: enhanced due diligence.

For operational depth see our MASAK compliance guide.

Article 4 — suspicious transaction reporting

This article sits at the core of the STR system. The regulated entity:

• Reports any transaction it considers suspicious to MASAK,
• Files the report within 10 business days,
• Cannot inform the customer that an STR has been or will be filed (tipping-off prohibition),
• Receives a statutory safe harbour for good-faith filings (no contractual or other liability arises).

The safe harbour in the final paragraph of Article 4 is operationally critical: bank staff filing in good faith are immunised from contractual liability claims — the legal cushion that overrides the "protect the customer" reflex.

Article 5 — information and document provision

Regulated entities must provide information and documents requested by MASAK. The response window is set by MASAK (typically 10-30 days). Storage format and medium must be inspector-accessible.

Article 6 — training, internal audit and control

Regulated entities establish AML/CFT training, internal audit and control mechanisms. The detail sits in the Regulation and MASAK Communiqué Sıra No. 13:

• Periodic AML/CFT training for all staff,
• Compliance officer appointment (above-threshold entities),
• Independent internal audit,
• Annual risk assessment.

Article 7 — retention and production

Customer due diligence documents and transaction records are kept for 8 years. Storage may be electronic or physical; records must be producible on inspection.

Article 8 — continuous information provision

Regulated entities provide information continuously per MASAK's chosen method (e.g. periodic reporting for specific transaction types).

Article 9 — information sharing

MASAK shares information on request with foreign counterpart authorities (Egmont Group FIU members). Regulated entities have no standing to intervene.

Article 10 — customs declaration

Cash and high-value instruments above 25,000 EUR (or equivalent) must be declared on entry to or exit from Turkey. This is a customs obligation, not a regulated-entity obligation.

Articles 11-12 — MASAK structure and duties

Establishes MASAK within the Ministry of Treasury and Finance; enumerates its duties (supervision, FIU function, standard-setting, international cooperation).

Article 13 — administrative fines

Framework for administrative fines on breaches of the Law and Regulation. Fines are revalued annually. As of 2026 (practical ranges):

Fines are updated annually; check MASAK's published fine tables.

Article 14 — criminal liability

Certain breaches (failure to file STR, providing false information) can be jointly assessed with Article 282 of the Turkish Penal Code (laundering proceeds of crime), which carries imprisonment.

Articles 15-18 — execution, entry into force, transitional provisions

Standard final clauses.

Three operationally critical points about Law 5549

1. The regulated-entity definition is broad. The most-missed point: lawyers, accountants, real estate intermediaries and even second-hand motor vehicle dealers are regulated entities for specified transactions. Reading the statute from a classic banking lens and concluding "we are out of scope" creates surprise administrative fines on inspection.
2. The 10-business-day clock has a precedent. The clock starts when the compliance officer becomes aware — but excessive internal escalation lag is itself a breach. Operational rule of thumb: a first-line analyst should hand the alert to the compliance officer within 1-3 business days.
3. The 8-year retention period exceeds the standard 5-year banking rule. Banks generally operate on a BDDK 5-year retention rule, but the binding period for AML/CFT records is the 8 years in Law 5549 Article 7. Configure deletion policies accordingly.

Law 5549 and the secondary stack

The statute sets the framework; operational detail lives in secondary instruments. References a compliance team should have to hand:

Frequently asked questions

When did Turkey's Law No. 5549 come into force?

It was published in Official Gazette No. 26323 on 11 October 2006 and entered into force on the same date, simultaneously repealing the 1996 Law No. 4208 on Prevention of Laundering of Money. It has been amended several times since; the most consequential change is the addition of crypto asset service providers to the regulated-entity scope via Law No. 7518 of 21 May 2024.

How do I know if I am a regulated entity?

Article 2 of Law 5549 enumerates the categories; secondary instruments (Regulation, communiqués) fill in detail. In ambiguous cases entities may request a MASAK opinion or take legal advice. Most financial institutions are in scope; non-financial sectors (real estate, lawyers, second-hand vehicle dealers) are typically in scope only above thresholds or for specified transaction types.

How does Law 5549 relate to Turkish Penal Code Article 282?

Law 5549 provides the administrative/supervisory framework (administrative fines, licence restrictions). Article 282 TPC (Laundering of Assets Derived from Crime) defines the substantive criminal offence and carries imprisonment. Failure to file an STR or providing misleading information can be jointly assessed under both — the same act can produce both an administrative fine and a prison sentence.

Where can I read the MASAK Regulation?

The 2008 Regulation on Measures to Prevent the Laundering of Proceeds of Crime and the Financing of Terrorism and its subsequent amendments are tracked through the Official Gazette archive and the MASAK website. Apply only the currently-in-force version; operating on outdated drafts is a source of inspection findings.

Does the 8-year retention requirement apply only to PDFs or paper?

No. The requirement is format-neutral. What matters is that the supervisor (MASAK plus the sectoral regulator) can access readable, untampered records. Modern regulated entities prefer immutable storage (WORM, audit-logged systems). Where paper documents have digital equivalents, the original must also be retained for the same period in case of dispute.

How Legichain helps with Law 5549 compliance

Legichain covers every operational obligation under Law 5549 on a single platform: identity verification (NFC + video), sanctions/PEP screening, transaction monitoring, STR-format output and 8-year auditable retention. The Legichain AML screening API automatically explains sanctions and PEP hits; analysts see only marginal cases. Full audit logs export in MASAK-inspection-ready format.

Next steps

• MASAK compliance guide — operational depth.
• Turkey AML/KYC pillar guide — cluster hub.
• MASAK obligations for PSPs and e-money institutions — sector-specific.