The main domestic legislation in Turkey regarding the prevention of money laundering is the Law on Prevention of Laundering Proceeds of Crime no. 5549 (“Law No. 5549”) which is based upon the recommendations of The Financial Action Task Force (hereinafter referred to as “FATF”). FATF simply sets out an anti-money laundering program for its member states. Article 5 of Law No. 5549, addresses the regulations that determine the procedures and principles of taking necessary measures including training, internal auditing, and control and risk management systems on a risk-based approach. Law No 5549 is further elaborated upon under the Regulation on Measures for Prevention of Laundering the Proceeds of Crime and Financing of Terrorism (“Measures Regulation”) and the Regulation on Compliance Programs Regarding Prevention of Laundering the Proceeds of Crime and Financing of Terrorism (“Compliance Regulation”).
Anti-money laundering programs aim to detect suspicious activities associated with money laundering and prevent institutions from being used for money laundering or the financing of terrorism by implementing transparency policies and working in collaboration with financial intelligence units.
Among those listed in Article 4 of the Measures Regulation, the following are liable to establish compliance programs and corporate policies (hereinafter referred to as the “obligors”):
By following six simple steps and taking the precautions stipulated by law, organizations can comply with their regulatory obligations and may prevent criminal and administrative investigations regarding money laundering.
Obligors are expected to create a risk-based corporate policy by considering the size of a business and the types of transactions undertaken. The policy should contain risk management, control, training, and internal auditing procedures.
Corporate policy aims to ensure that a corporation complies with obligations to prevent the laundering of the proceeds of crime and terrorist financing. It requires appropriate evaluation of customers and services. The policy must cover strategies to follow in order to reduce the risk that an obligor might be exposed to. It shapes the internal auditing policies, precautionary matters and determines the responsible parties.
Further to that, corporate procedures should be determined in order to implement the corporate policy. Procedures must ensure delegation of authorities meaning that persons who act for an obligor are not the same as those who monitor the risks.
Corporate policies and procedures are codified in writing, supervised by a compliance officer and, as much as possible, carried out with the participation of all departments within an obligor’s organization. Corporate policy should be approved by an obligor’s board of directors.
Corporate policies, and any subsequent amendments made to them, are sent to MASAK by compliance officers. Obligors are required to obtain employee signatures to demonstrate they have communicated corporate policy to them.
In the scope of their corporate policies, corporations can determine the core mechanisms of their compliance programs, such as customer recognition systems enabling the identification of a beneficial owner of a transaction while handling a customer and measures that will prevent technologies from being used for laundering the proceeds of crime or terrorist financing.
Obligors are expected to create risk management policies by considering the size of a business and the types of transactions it undertakes. Risk management aims to determine, grade, monitor, evaluate and minimize risks that an obligor might be exposed to. Risk management policies must, at the least, include internal measures and operational rules regarding customers regulated under the Measures Regulation.
Risk management policies must involve adequate methods to define, rank and classify risks by considering customer risk, services risk, and country risk. Risky transactions must be reported, and their execution must be subject to further approval and monitoring if necessary.
If a customer or a beneficial owner identified by following corporate procedures or the services required or the relative country, is assessed to be of high risk, an obligor should apply additional measures, such as obtaining detailed information about the customer, the aim of the transaction, the nature of the business relationship, and the source of the assets and funds subject to the transaction.
Obligors carry out monitoring and controlling activities in the scope of their corporate policies by considering the size of their business and the types of transactions undertaken. The aim is to protect obligors from risks, and to monitor and control obligors’ compliance with the legislation and corporate policies and procedures.
In these terms, high-risk customers and transactions, transactions executed between countries of high risk, and complex and extraordinary transactions must be monitored and controlled.
Obligors should appoint a compliance officer within 30 days of obtaining official authorization. A compliance officer is appointed as a subordinate to the board of directors, or to one or more members to whom the board of directors has transferred authority. MASAK decides whether an appointed compliance officer meets the legal criteria.
The board of directors should establish a compliance unit subordinate to the compliance officer, within the obliged corporation by considering the size of the business and types of the transactions undertaken, the number of branches and personnel and the size of the risk that the obligor might be exposed to.
Compliance officers are responsible and authorized to research and evaluate suspicious transactions upon being notified or ex officio, and to report the transactions they find suspicious to MASAK.
Compliance officers are responsible for developing corporate policies and procedures, risk management policies, monitoring and auditing policies, training programs on the prevention of laundering the proceeds of crime and financial terrorism, researching, and evaluating potential suspicious transactions, and communicating and coordinating with MASAK.
Within the scope of their corporate policy, an obligor should establish a training policy that determines the responsible parties, participants, and responsible trainers. Training aims to raise awareness regarding corporate policies and procedures, and risk management. Training should be conducted by the compliance officer.
A compliance officer must give at least the minimum level of training on the following subjects: terms of money laundering and terrorist financing, stages of money laundering, the pertinent legislation, corporate policies and procedures, principles for the identification of customers and the reporting of suspicious transactions, and the obligation to provide information and documentation.
Each year by the end of March, an obligor must submit a report on training to MASAK.
Internal auditing aims to assure the board of directors of the effectiveness of a compliance program. Annual internal auditing assesses the efficiency and sufficiency of the overall compliance program with a risk-based approach.
Deficiencies, errors and abuses revealed as a result of an internal audit, and opinions and suggestions to prevent their recurrence are reported to the board of directors. Each year by the end of March, the results of auditing and relevant statistics regarding the obligor are submitted to MASAK.
If an obligor is found not to be in compliance with requirements regarding training, internal auditing and risk management systems, a period of not less than 30 days is given to correct deficiencies and take the necessary precautions. If after 30 days an obligor still fails to comply with their obligations, an administrative fine of TRY 500,000 is imposed by MASAK. The administrative fine is issued as a written notification which gives the obligor a period of not less than 60 days to correct its deficiencies. If an obligor again fails to comply with its obligations, the administrative fine is doubled. Finally, if an obligor fails to comply within 30 days of being notified of the second administrative fine, the obligor’s operations may be temporarily restricted, suspended, or their authorization license may be cancelled.
For each liability, in the year of a breach, the total amount of administrative fines imposed cannot exceed TRY 4 million. If an obligor is penalized for the same type of breach in the following year the upper limits for penalties are doubled.
Laundering the proceeds of crime is regulated as a crime under the Article 282 of Turkish Criminal Code. Whereas only real persons are held liable under this article, with the latest amendments made to Article 43/A of the Misdemeanors Law, administrative fines of up to TRY 50 million can be imposed on legal persons involved in laundering the proceedings of crime.
The Compliance Regulation clearly deems the board of directors responsible and liable for conducting an effective compliance program. This involves the appointment of a compliance officer, determining a compliance unit’s authority and responsibilities, and monitoring the fulfilment of the above-explained duties within the scope of the program.
Even though a board of directors may delegate its authority to conduct a compliance program to select board members, it doesn’t prevent the board from being held responsible for non-compliance.
Companies and investors in Turkey can avoid sanctions and large penalties by maintaining compliance with anti-money laundering legislation and duly constituting and enforcing corporate policies and procedures. It should be emphasized that besides conducting a zero-tolerance policy on monitoring and imposing sanctions, MASAK also follows rapidly changing international and domestic trends and rules regarding the laundering of the proceeds of crimes and terrorist financing. Therefore, it is very important for corporations to keep themselves up to date and to comply with their obligations and compliance measures.