What are the KYC requirements in Turkey?

Turkish KYC requirements are set by Law No. 5549 and MASAK. All obliged entities must verify customer identity, conduct CDD, apply risk-based monitoring and retain records for eight years. KYC Turkey compliance requires documents including TC Kimlik Kartı, Turkish national ID alternatives, passport and foreigner ID card for non-citizens. eKYC Turkey solutions using NFC chip verification accelerate identity verification while meeting BDDK and MASAK standards.

What is MASAK and what does AML compliance Turkey require?

MASAK is Turkey's Financial Intelligence Unit under the Ministry of Treasury and Finance. AML compliance Turkey obligations require financial institutions to conduct CDD, submit suspicious transaction reports via the MASAK Online system, maintain eight-year records and appoint a compliance officer at senior management level. MASAK compliance applies to banks, payment providers, crypto platforms and all obliged entities.

How does KVKK compliance affect KYC data handling in Turkey?

KVKK (Law No. 6698) requires all data controllers to register with VERBIS before processing personal data. KYC data is classified as personal data and must be encrypted, purpose-limited and subject to data subject access rights. KVKK compliance means cross-border transfers require equivalent protection standards. Turkish identity verification Turkey must align with both KVKK data protection and AML compliance requirements.

What documents are accepted for Turkish national ID KYC verification?

Primary documents for Turkish national ID KYC include TC Kimlik Kartı and Turkish Passport. Secondary documents include Sürücü Belgesi, Yabancı Kimlik Kartı and İkamet İzni for foreign nationals. Chip-based national ID cards with NFC receive preference. eKYC Turkey solutions support all 26 Turkish document types including biometric verification.

What are the KYB requirements for verifying Turkish businesses?

Turkish KYB verification requires Ticaret Sicil Gazetesi, Faaliyet Belgesi and Articles of Association for entity identity. Tax identity uses VKN. UBO identification is mandatory under Law No. 5549, requiring Ortaklık Yapısı, Pay Defteri and Gerçek Faydalanıcı Bildirimi documentation. KYB Turkey compliance includes verification of all beneficial owners at 25% ownership thresholds.

How does Shufti support crypto KYC Turkey compliance under CMB regulations?

Crypto KYC Turkey compliance is governed by CMB Law No. 7518, which requires platforms to obtain Capital Markets Board licences by June 2026. Shufti provides full KYC onboarding, jurisdiction verification for Travel Rule compliance, sanctions screening and eight-year record retention. Our crypto KYC Turkey solutions support CMB licence applications and post-licensing MASAK reporting obligations.

What is the data retention requirement for AML records in Turkey?

Law No. 5549 mandates eight-year retention of all AML records from the end of the business relationship. This covers KYC files, transaction records and STR documentation. AML compliance Turkey requires automated retention schedules and maintains audit-ready records for MASAK examinations and regulatory inspections.

How does Turkey's FATF membership affect AML compliance Turkey obligations?

Turkey has been a FATF member since 1991 and was removed from the grey list in June 2024 after addressing compliance gaps. Post-greylisting, MASAK and BDDK enforce heightened AML standards. FATF's 40 Recommendations guide Turkish AML policy and international correspondent banking expectations. AML compliance Turkey now requires demonstrable controls exceeding minimum standards.

What are the penalties for non-compliance with Turkish KYC and AML regulations?

Non-compliance with Turkish KYC and Law No. 5549 AML obligations results in administrative penalties and potential criminal sanctions. MASAK compliance violations attract fines; failure to maintain eight-year records, conduct proper KYC Turkey verification, or submit STRs results in enforcement action. Crypto platforms failing to obtain CMB licences by June 2026 face liquidation. Enhanced penalties apply to repeat violations.

Bulgaria

Identity Verification & KYC For Bulgaria

Shufti delivers KYC, KYB, and AML compliance for Bulgaria, navigating FATF grey list monitoring, customer due diligence requirements, and multi-regulator oversight under MAMLA.

Operational performance for Bulgaria KYC

Our Numbers Speak Volumes

98.68%

Pass Rates

100%

NFC Verification

55%

eIDV
Coverage

Evidence-Ready Checks Across Bulgarian People & Businesses

Individual Documents We Verify

Shufti supports 11 Bulgarian document types.

View All Supported Documents

Bulgarian Identity Card

Primary identification compulsory from age 14. Dual-script Cyrillic and Latin per 2009 standard; RFID chip with encrypted biometric data, Ministry of Interior.

Bulgarian Passport

Valid for international travel and KYC verification. Dual-script with holograms and security threads; issued by Ministry of Interior Consular Services.

Driver's Licence

Secondary identification for tiered KYC. Vehicle operator authorisation issued by Ministry of Interior; accepted as supplementary ID for lower-risk customers.

Business Entity Identity

Commercial Register Certificate

Issued by the Registry Agency; confirms legal entity registration, incorporation status, and company details in Bulgaria's official business register.

Certificate of Registration with Unified Identification Code

Official document issued upon commercial registration; contains the 9-digit Unified Identification Code (UIC) used as the primary entity identifier.

Business Tax Identity

VAT Registration Certificate

Issued by the National Revenue Agency; shows VAT ID in the format BG plus 9 digits and confirms tax registration status for KYB compliance.

Tax Registration Certificate

Proof of registration with the National Revenue Agency for income tax purposes; establishes the entity's primary tax identifier and compliance standing.

Ownership & Control (UBO)

UBO Declaration Form

Legal entities must identify and register all natural persons who ultimately own or control the entity with 25% or greater ownership or voting rights.

Commercial Register Entry (UBO Section)

Integrated into Bulgaria's public Commercial Register and Register of Non-Profit Legal Entities; administered by the Registry Agency for official UBO disclosure.

Languages We Cover

Bulgarian Cyrillic Script Handling

Bulgarian documents use the Cyrillic alphabet. OCR processes Cyrillic and Latin scripts, including machine-readable zones, for accurate credential verification.

Name Matching And Transliteration

Bulgarian law mandates Latin transliteration since 2009. Names must align across scripts; misalignment signals tampering or forgery requiring escalation.

Evidence Consistency Across Documents

Identity cards and passports carry machine-readable zones in Latin. OCR processes both scripts for Ministry of Interior validation in automated verification.

GOVERNANCE & CONTROLS

Audit-Ready Decisions, Lower Operational Drag

Fewer Avoidable Re-Submissions

Dual-script capture and RFID validation reduce first-pass failure for Bulgarian ID documents. Shufti handles Cyrillic and Latin alignment automatically.

Cleaner Audit Trails

FID-SANS and BNB examinations demand timestamped, verifiable KYC evidence. Shufti produces audit trails with regulatory reference on every decision.

Better Name Matching Outcomes

Cyrillic to Latin transliteration variants cause false declines. Shufti applies Bulgaria's 2009 official standard to match names across scripts accurately.

One Workflow, One Back Office

KYC, KYB, and AML screening share one audit trail in Shufti. Compliance teams manage identity, business, and screening decisions from a single case view.

National ID-First Flow Design

Bulgarian identity card is widely issued and RFID-enabled. Shufti prioritises ID card capture in onboarding flows to match local verification behaviour.

Enterprise-grade compliance infrastructure

Bulgaria IDV/KYC Challenges

Document Fraud & Tampering

High tampering rates undermine verification. Forensics detects anomalies in security features, hologram alignment, and RFID chip data that manual review misses.

Script Misalignment

Cyrillic and Latin inconsistency signals forgery. Language-aware OCR catches misalignments that expose fraudulent documents against official standards.

RFID Chip Validation

Bulgarian identity cards contain encrypted RFID chips with biometric data. Invalid RFID data signals tampering or document invalidity requiring escalation.

Regulatory Complexity

Six authorities oversee compliance: FID-SANS, BNB, FSC, NRA, CPDP, and Ministry of Interior. Shufti consolidates requirements into unified, auditable workflows.

Shufti's IDV/KYC Solutions for Bulgaria

KYC Solutions

Face Verification

Liveness detection and biometric matching reduce impersonation and multi-accounting risk. Verifies Bulgarian nationals against live selfie and document data.

Age Verification

Selfie-based age estimation with document verification fallback. Enables age-gated journeys for gaming, fintech, and marketplace platforms in Bulgaria.

Address Verification

Shufti verifies any address-bearing document, including utility bills from Energo-Pro, EVN, Overgas, Vivacom, A1 and statements from UBB, DSK, UniCredit.

Document Verification

Verifies Bulgarian identity cards, passports, and driver's licences. Validates security features, RFID data, script alignment, and Ministry validity status.

KYB Solutions

Business Verification

Verifies Bulgarian entities via the Registry Agency and Commercial Register. Confirms entity status, directors, beneficial owners, and VAT registration.

Enhanced Due Diligence (EDD)

Identifies politically exposed persons, assesses sanctions risk, and validates UBO identity. Produces audit-ready evidence for FID-SANS and BNB examinations.

AML Screening

Business AML Screening

Screens against OFAC, EU sanctions, and UN Security Council lists alongside Bulgarian PEP registers. Aligned to FID-SANS goAML requirements for full coverage.

Transaction Screening

Ongoing monitoring and suspicious activity flagging aligned with goAML obligations. Evidence trails support regulatory inquiries and investigation workflows.

REGULATORY ALIGNMENT

Built to Fit Bulgaria's Compliance Landscape

Financial Intelligence Directorate (FID-SANS)

Bulgaria's financial intelligence unit that receives and analyses suspicious transactions. Shufti provides goAML workflows aligned to FID-SANS reporting. Official Website: https://www.dans.bg/en

Bulgarian National Bank (BNB)

Central bank supervising licensed banks, payment providers, and AML compliance. Shufti delivers KYC and monitoring aligned with BNB supervisory directives. Official Website: https://www.bnb.bg

Financial Supervision Commission (FSC)

Supervisory authority for capital markets, insurance, and pension sectors. Shufti supports FSC-aligned KYC for investment firms and crypto service providers. Official Website: https://www.fsc.bg/en

National Revenue Agency (NRA)

Tax regulator administering VAT, tax compliance, and crypto business oversight. Shufti integrates with NRA databases for entity and tax identifier verification. Official Website: https://www.nra.bg/en

Commission for Personal Data Protection (CPDP)

Bulgaria's data protection authority enforcing GDPR and national privacy legislation. Shufti applies CPDP-mandated AES-256 encryption and TLS 1.2+ controls. Official Website: https://cpdp.bg/en

Ministry of Interior (MvR)

Issues Bulgarian identity cards and passports; runs electronic document validity checks. Shufti integrates with Ministry of Interior validation systems. Official Website: https://www.mvr.bg/en

Deployment Choice

Shufti runs on EU cloud infrastructure compliant with Bulgarian AML and GDPR. On-premises deployment available for entities with strict data residency mandates.

Regulatory Alignment

Aligned to Bulgaria's Personal Data Protection Act implementing GDPR, enforced by CPDP. Configurable retention meets MAMLA's five-year recordkeeping obligation.

Retention Controls

Configurable retention aligned to MAMLA's five-year minimum. Financial Intelligence Directorate may extend retention to twelve years for ongoing investigations.

Encryption Posture

AES-256 encryption for data at rest and TLS 1.2+ for data in transit. GDPR Article 32 obligations apply; breach notification to CPDP within seventy-two hours.

Data and Privacy Controls in Bulgaria

BUILT FOR COMPLIANCE TEAMS

Bulgaria AML Sources That Strengthen Decision

Bulgarian National Audit Office

Financial Supervision Commission (FSC)

Commission for Protection of Competition (BGCPC)

Bulgarian Persons of Interest

24 Chasa

Dnevnik

Sofia Globe

Ministry of Defence, Bulgaria

Bulgarian National Audit Office

Financial Supervision Commission (FSC)

Commission for Protection of Competition (BGCPC)

Bulgarian Persons of Interest

24 Chasa

Dnevnik

Sofia Globe

Ministry of Defence, Bulgaria

Bulgarian National Audit Office

Financial Supervision Commission (FSC)

Commission for Protection of Competition (BGCPC)

Bulgarian Persons of Interest

24 Chasa

Dnevnik

Sofia Globe

Ministry of Defence, Bulgaria

Frequently Asked Questions

What are the KYC requirements in Bulgaria?

KYC in Bulgaria requires customer identification with full name, date of birth, and address; identity verification using a Bulgarian ID card or passport; risk assessment; beneficial ownership identification for entities with 25% or greater ownership; and enhanced due diligence for high-risk customers including politically exposed persons.

What are the main AML regulations in Bulgaria?

Bulgaria's AML regime is governed by the Measures Against Money Laundering Act (MAMLA), adopted 27 March 2018 and amended 14 July 2023. The MATFA prohibits terrorist financing. Suspicious transaction reports are submitted via the goAML system, administered by the Financial Intelligence Directorate.

How do you verify a Bulgarian identity card?

Confirm authenticity via the Ministry of Interior validity verification system at mvr.bg. Verify the embedded RFID chip containing two fingerprints and an encrypted digital signature. Check that Cyrillic and Latin transliteration align per the 2009 Bulgarian standard; misalignment indicates tampering.

What documents are required for KYC in Bulgaria?

Acceptable KYC documents in Bulgaria include the Bulgarian Identity Card (primary ID, compulsory from age 14), Bulgarian Passport (international travel and verification), Driver's Licence (secondary ID for lower-risk flows), and Residence Certificate for address confirmation.

What is Bulgaria's FATF grey list status and why?

Bulgaria was placed on the FATF grey list on 27 October 2023. Key reasons include low money laundering conviction rates relative to identified risks, deficiencies in beneficial ownership registration accuracy, and weak enforcement mechanisms enabling large-scale money laundering.

How do you verify beneficial ownership in Bulgaria?

Consult the Commercial Register administered by the Registry Agency for shareholder records. Trace indirect ownership to identify natural persons controlling 25% or more. Verify identified beneficial owners against their Bulgarian ID card or passport.

What is the record retention period for KYC documents in Bulgaria?

MAMLA requires a minimum five-year retention period after the end of the business relationship or transaction. The Financial Intelligence Directorate may extend this to twelve years. Financial records must be retained for ten years under Bulgarian accounting and tax law.

What are Bulgaria's enhanced due diligence requirements?

EDD is mandatory for politically exposed persons, customers from FATF-identified high-risk countries, and transactions exceeding EUR 15,000 (non-cash) or EUR 5,000 (cash). Required actions include enhanced identity verification, UBO confirmation, source of funds validation, and ongoing monitoring.

Build a Bulgaria-ready KYC, KYB & AML programme with Shufti

Check Pricing Request Demo

INDEPENDENTLY AUDITED. GLOBALLY CERTIFIED.

Certified to Global Standards

PROVEN WORKFLOWS

Use Cases for Regulated Growth in Bulgaria

Marketplace

Banking

Crypto

Fintech

Forex

Gaming

Gig Economy

Marketplace

Banking

Crypto

Fintech

Forex

Gaming

Gig Economy

Marketplace

Banking

Crypto

Fintech

Forex

Gaming

Gig Economy

Reduce Fraud Without Blocking Growth

Shufti supports marketplace integrity by verifying seller and buyer identities, enabling age-gated journeys where needed, and preserving evidence to support investigations, disputes, and risk-led enforcement actions.

Learn More Try Now

Secure Trust at Every Transaction

Automate KYC and AML workflows to reduce manual onboarding costs. Strengthen residency checks while delivering the frictionless digital experience modern customers expect.

Learn More Try Now

Scale Your Exchange with Confidence

Balance anonymity with compliance. Instantly verify user jurisdiction to meet Travel Rule obligations and help stop abuse without slowing down legitimate trading volume.

Learn More Try Now

Accelerate Growth, Eliminate Friction

Onboard users in seconds, not days. Deploy tiered address verification flows that maximise completion rates for genuine users while filtering out synthetic fraud.

Learn More Try Now

Onboard Global Traders in Real-Time

Verify investors across 250+ countries & territories. Ensure compliance with international financial regulations while preventing identity theft and high-risk chargebacks.

Learn More Try Now

Power a Fair & Secure Player Experience

Reduce bonus abuse and multi-accounting rings at the door. Enforce location rules and trigger step-up checks without disrupting the player journey.

Learn More Try Now