What are the KYC requirements in Turkey?

Turkish KYC requirements are set by Law No. 5549 and MASAK. All obliged entities must verify customer identity, conduct CDD, apply risk-based monitoring and retain records for eight years. KYC Turkey compliance requires documents including TC Kimlik Kartı, Turkish national ID alternatives, passport and foreigner ID card for non-citizens. eKYC Turkey solutions using NFC chip verification accelerate identity verification while meeting BDDK and MASAK standards.

What is MASAK and what does AML compliance Turkey require?

MASAK is Turkey's Financial Intelligence Unit under the Ministry of Treasury and Finance. AML compliance Turkey obligations require financial institutions to conduct CDD, submit suspicious transaction reports via the MASAK Online system, maintain eight-year records and appoint a compliance officer at senior management level. MASAK compliance applies to banks, payment providers, crypto platforms and all obliged entities.

How does KVKK compliance affect KYC data handling in Turkey?

KVKK (Law No. 6698) requires all data controllers to register with VERBIS before processing personal data. KYC data is classified as personal data and must be encrypted, purpose-limited and subject to data subject access rights. KVKK compliance means cross-border transfers require equivalent protection standards. Turkish identity verification Turkey must align with both KVKK data protection and AML compliance requirements.

What documents are accepted for Turkish national ID KYC verification?

Primary documents for Turkish national ID KYC include TC Kimlik Kartı and Turkish Passport. Secondary documents include Sürücü Belgesi, Yabancı Kimlik Kartı and İkamet İzni for foreign nationals. Chip-based national ID cards with NFC receive preference. eKYC Turkey solutions support all 26 Turkish document types including biometric verification.

What are the KYB requirements for verifying Turkish businesses?

Turkish KYB verification requires Ticaret Sicil Gazetesi, Faaliyet Belgesi and Articles of Association for entity identity. Tax identity uses VKN. UBO identification is mandatory under Law No. 5549, requiring Ortaklık Yapısı, Pay Defteri and Gerçek Faydalanıcı Bildirimi documentation. KYB Turkey compliance includes verification of all beneficial owners at 25% ownership thresholds.

How does Shufti support crypto KYC Turkey compliance under CMB regulations?

Crypto KYC Turkey compliance is governed by CMB Law No. 7518, which requires platforms to obtain Capital Markets Board licences by June 2026. Shufti provides full KYC onboarding, jurisdiction verification for Travel Rule compliance, sanctions screening and eight-year record retention. Our crypto KYC Turkey solutions support CMB licence applications and post-licensing MASAK reporting obligations.

What is the data retention requirement for AML records in Turkey?

Law No. 5549 mandates eight-year retention of all AML records from the end of the business relationship. This covers KYC files, transaction records and STR documentation. AML compliance Turkey requires automated retention schedules and maintains audit-ready records for MASAK examinations and regulatory inspections.

How does Turkey's FATF membership affect AML compliance Turkey obligations?

Turkey has been a FATF member since 1991 and was removed from the grey list in June 2024 after addressing compliance gaps. Post-greylisting, MASAK and BDDK enforce heightened AML standards. FATF's 40 Recommendations guide Turkish AML policy and international correspondent banking expectations. AML compliance Turkey now requires demonstrable controls exceeding minimum standards.

What are the penalties for non-compliance with Turkish KYC and AML regulations?

Non-compliance with Turkish KYC and Law No. 5549 AML obligations results in administrative penalties and potential criminal sanctions. MASAK compliance violations attract fines; failure to maintain eight-year records, conduct proper KYC Turkey verification, or submit STRs results in enforcement action. Crypto platforms failing to obtain CMB licences by June 2026 face liquidation. Enhanced penalties apply to repeat violations.

Serbia

Identity Verification And KYC For Serbia

Shufti delivers Serbia KYC, KYB, and AML compliance in Serbia through KYC screening, beneficial owner verification, and audit-ready compliance for regulated businesses.

Operational performance for Serbia KYC

Our Numbers Speak Volumes

99.27%

Pass Rates

< 5 sec

Verification
Time

55.91%

eIDV
Coverage

Evidence-Ready Checks Across People & Businesses

Shufti supports 5 Serbian document types for complete Serbia KYC verification and streamlined KYC workflows.

Individual Documents We Verify

Shufti supports 5 Serbian document types for complete Serbia KYC verification and streamlined KYC workflows.

View All Supported Documents

Lična karta (Serbian Biometric National ID Card)

A biometric identity card issued by the Serbian Police with JMBG number, photograph, and fingerprints. Valid 10 years for adults, 5 years for minors. Required in KYC.

Serbian Passport (Srpski pasoš)

Biometric travel document with RFID chip, encrypted fingerprints, and burgundy cover. Valid for 10 years. MRZ enables automated data extraction and verification.

Vozačka dozvola (Driver's Licence)

Official document issued by the Serbian Police for vehicle operation. Valid for 10 years. Accepted as supplementary identity verification for KYC and onboarding.

Privatemeni boravak (Temporary Residence Permit)

Holographic sticker on passport with personal information, photograph, and validity period. Required for bank accounts, property, and health insurance.

Dozvola za boravak (Residence Permit)

Official permit establishing legal residency for non-Serbian nationals. Used in KYC and tax verification. Verified against passport and supporting documents.

Business Entity Identity

Izvod iz registra APR (Business Registration Certificate)

Excerpt from Serbian Business Registers Agency containing legal entity data, code, registration number, and status. Required for all business verification.

Osnivački akt (Founding Act or Articles of Association)

Constitutional document outlining structure, purpose, governance, and registered office. Filed with APR establishing legal entity formation evidence for KYB.

Potvrda o dobrom poslovnom stanju (Certificate of Good Standing)

APR verification confirming active entity status in Serbia. Required for KYB reviews and regulatory submissions to APML, NBS, and compliance examinations.

Business Tax Identity

PIB (Poreski identifikacioni broj - Tax Identification Number)

9-digit numeric identification issued by the Tax Administration for legal entities and entrepreneurs. Essential for KYB workflows and tax compliance verification.

PDV sertifikat (VAT Registration Certificate)

Certificate confirming VAT registration status issued by the Tax Administration. Required for all registered VAT entities and as evidence of tax compliance status.

Potvrda o poreskoj registraciji (Tax Registration Certificate)

Official tax registration confirmation issued by the Tax Administration of Serbia. Validates identity and identification for KYB and tax compliance verification.

Ownership & Control (UBO)

Centralna evidencija stvarnih vlasnika (Central Record of Beneficial Owners)

Electronic database maintained by APR containing beneficial owner information and documentation. Mandatory for entities with 25%+ ownership or control.

Knjiga akcionara (Shareholder Register)

Internal company register documenting shareholder names and shareholding percentages. Provides evidence chain for ownership changes and capital transactions.

Director/Owner Identification Documents

Personal ID documents of individuals with management authority or beneficial ownership stake. Verified using individual document verification procedures.

Languages We Cover

Cyrillic and Latin Script Handling

Serbian documents are printed in Cyrillic (ћирилица) with Latin transliteration (латиница). Both scripts have equal status. Dual-script extraction prevents rejection.

Name Matching, Serbian Diacritics, and Transliteration

Cyrillic-to-Latin conversion uses digraphs (nj, lj, dž), creating matching issues. Transliteration-aware rules reduce false mismatches from the same name spellings.

Evidence Consistency Across KYC and KYB Steps

Keep extracted values visible for audit and QA review. Transparency in normalisation and matching supports examination and maintains audit defensibility.

GOVERNANCE & CONTROLS

Audit-Ready Decisions, Lower Operational Drag

Fewer Avoidable Re-Submissions

Structured extraction for lična karta dual-script reduces retries from script or diacritic mismatches, improving first-pass approval rates.

Cleaner Audit Trails

Consistent decision outputs, reason codes, and evidence retention support APML examination. Eliminates fragmented records across multiple systems.

Better Name Matching Outcomes

Localised matching for Serbian diacritics (š, č, ž, ć, đ) reduces false rejections. Preserves audit defensibility for each matching decision.

One Workflow, One Back Office

Identity verification, beneficial owner screening, and AML controls operate in a unified view. Reduces handoff friction between KYC and AML teams.

National ID-First Flow Design

Lična karta, as the primary identity document in Serbia, ensures structured extraction and evidence-led decisions across the customer lifecycle.

Enterprise-grade compliance infrastructure

Serbia IDV/KYC Challenges

Cyrillic/Latin Matching

Documents use Cyrillic, whilst Latin transliterations are common digitally. Inconsistent transliteration for digraphs causes matching failures in KYC systems.

UBO Transparency Rules

The Central Register of Ultimate Beneficial Owners, effective 1 October 202,5 requires electronic submission. All entities must verify by 30 November 2025.

Document Fraud Networks

The Western Balkans has networks selling forged Serbian passports and identity documents. Biometric liveness and authenticity verification defend against fraud.

Crypto Regulatory Gaps

Dual oversight with the National Bank regulating cryptocurrencies and the Securities Commission covering tokens creates banking barriers for digital assets.

Shufti's IDV/KYC Solutions for Serbia

KYC Solutions

Face Verification

Stops impersonation and mule sign-ups with liveness and face matching. Reduces manual exceptions and strengthens defences against document fraud networks.

Age Verification

Estimates age from selfie-based age estimation using artificial intelligence. Falls back to lična karta or Serbian passport document verification when required.

Address Verification

Shufti can verify any address-bearing document, including EPS, Srbijagas, Telekom utilities and statements from Banca Intesa, OTP, UniCredit bank accounts.

Document Verification

Detects tampering in lična karta and Serbian passports. Extracts fields across Cyrillic and Latin variations with MRZ extraction, reducing manual review.

KYB Solutions

Business Verification

Verifies Serbian businesses using APR registry data and PIB tax identifiers. Checks beneficial ownership register entries to establish legal entity identity.

Enhanced Due Diligence (EDD)

Applies risk-based heightened checks to high-risk customer relationships. Screens PEP and sanctions exposure in Serbia, supporting APML audit readiness.

AML Screening

Business AML Screening

Screens Serbian entities and beneficial owners against UN sanctions lists and EU measures. Includes watchlist checks and PEP screening on controllers.

Transaction Screening

Monitors customer flows for structuring patterns and high-risk counterparties in real time. Supports TMIS-2 obligations with defensible screening logs.

REGULATORY ALIGNMENT

Built to Fit Serbia's Compliance Landscape

National Bank of Serbia (NBS)

Supervises banks and payment systems under AML and KYC regulations. Shufti delivers KYC evidence and audit trails aligned to NBS onboarding requirements. Official Website: https://www.nbs.rs/en/indeks/

Administration for the Prevention of Money Laundering (APML)

Receives and analyses suspicious transaction reports via TMIS-2. Shufti preserves evidence supporting STR preparation and regulatory compliance. Official Website: https://www.apml.gov.rs/english/introduction

Securities Commission of the Republic of Serbia (SEC)

Oversees capital markets and securities trading in Serbia. Shufti operationalises KYB and beneficial ownership evidence aligned to SEC governance requirements. Official Website: https://www.sec.gov.rs/

Commissioner for Information of Public Importance and Personal Data Protection

Protects personal data rights under Serbian law. Shufti implements privacy-by-design controls, including data minimisation and encryption, for compliance. Official Website: https://www.poverenik.rs/en/home.html

Tax Administration of Serbia (Poreska uprava)

Collects income tax, VAT, and tax obligations. Shufti supports compliance by structuring KYB evidence for tax identity verification and requirements. Official Website: https://www.purs.gov.rs/en.html

Commission for Protection of Competition (KZK)

Protects competition and prevents monopolistic practices. Shufti enables beneficial ownership verification aligned with competition law requirements. Official Website: https://www.kzk.gov.rs/en/

Ministry of Finance of the Republic of Serbia

Manages public finance and financial regulation oversight. Shufti structures decision trails and evidence aligned to Treasury reporting and audit expectations. Official Website: https://www.mfin.gov.rs/en

National Bank of Serbia, Insurance Supervision Department

Supervises insurance companies and pension funds. Shufti supports the insurance sector KYC by managing identity and beneficial ownership verification workflows. Official Website: https://www.nbs.rs/en/finansijske-institucije/

Deployment Choice

Major cloud providers (AWS, Azure, GCP) do not operate regions in Serbia. Data processing uses EU centres such as Frankfurt for AWS or Western Europe.

Regulatory Alignment

Serbia's Law on Personal Data Protection (ZZPL, RS No. 87/2018) is harmonised with GDPR. Enforcement by the Commissioner for Information of Public Importance.

Retention Controls

Serbian AML law requires customer identification and transaction records retention. Shufti supports configurable retention aligned to your specific policy.

Encryption Posture

Serbian law requires security measures for confidentiality, integrity, and availability. Shufti implements industry-standard encryption in transit and at rest.

Data and Privacy Controls in Serbia

BUILT FOR COMPLIANCE TEAMS

Serbia AML Sources That Strengthen Decision

National Assembly of Serbia

Company for Forests in Serbia (Srbijašume)

Serbia Securities Exchange Commission (Public Censure)

KK Partizan Mozzart Bet

Blic

Politika

Kurir

National Assembly of Serbia

Company for Forests in Serbia (Srbijašume)

Serbia Securities Exchange Commission (Public Censure)

KK Partizan Mozzart Bet

Blic

Politika

Kurir

National Assembly of Serbia

Company for Forests in Serbia (Srbijašume)

Serbia Securities Exchange Commission (Public Censure)

KK Partizan Mozzart Bet

Blic

Politika

Kurir

National Assembly of Serbia

Company for Forests in Serbia (Srbijašume)

Serbia Securities Exchange Commission (Public Censure)

Frequently Asked Questions

What are the core KYC requirements for opening a business relationship in Serbia?

Core KYC requirements in Serbia include customer identification using lična karta or passport, beneficial owner identification for all entities, source of funds assessment, and ongoing customer monitoring throughout the relationship lifecycle.

What documents are required for identity verification in Serbia?

Primary identity documents are lična karta (National ID Card) for Serbian residents, Serbian passport (Srpski pasoš) for cross-border verification, driver's licence (vozačka dozvola) as supplementary identification, and temporary residence permit (privremeni boravak) for non-residents.

How do I comply with AML regulations in Serbia?

Establish a KYC programme aligned to the Law on Prevention of Money Laundering. Conduct customer due diligence appropriate to the risk profile. Identify beneficial owners via the Central Record by 30 November 2025. Implement sanctions and PEP screening using UN and EU watchlists. Report suspicious transactions to APML via TMIS-2.

What is APML in Serbia, and what are its reporting requirements?

APML is Serbia's Financial Intelligence Unit responsible for receiving and analysing suspicious transaction reports. Obligated entities must submit reports via TMIS-2 before or immediately after the transaction occurs, with detailed information on parties and transaction rationale.

What is Ultimate Beneficial Owner (UBO) verification, and why is it required in Serbia?

UBO verification identifies natural persons with 25%+ ownership, voting rights, or management control of a business entity. Serbia's Central Record became mandatory on 1 October 2025. All entities must complete verification and annual re-verification by 30 November 2025.

What is the difference between standard, enhanced, and simplified due diligence in Serbia?

Standard CDD applies to all customers, including identity verification and beneficial owner identification. Enhanced CDD applies to high-risk clients, including PEPs requiring additional documentation. Simplified CDD may apply to low-risk customers with documented risk justification.

How are cryptocurrencies and fintech regulated for KYC in Serbia?

National Bank regulates cryptocurrency assets while the Securities Commission covers tokens. Digital asset service providers must obtain prior authorisation. Implement KYC and AML procedures aligned to traditional finance standards. Comply with APML reporting requirements.

What is Serbia's current AML compliance status with MONEYVAL?

Serbia was removed from the FATF grey list in June 2019 and operates under MONEYVAL enhanced monitoring. The country is rated Compliant on 5 FATF Recommendations and Largely Compliant on 35 Recommendations with continued monitoring to ensure improvements.

Build a Serbia-ready KYC, KYB & AML programme with Shufti

Check Pricing Request Demo

INDEPENDENTLY AUDITED. GLOBALLY CERTIFIED.

Certified to Global Standards

PROVEN WORKFLOWS

Use Cases for Regulated Growth in Seychelles

Marketplace

Banking

Crypto

Fintech

Forex

Gaming

Gig Economy

Marketplace

Banking

Crypto

Fintech

Forex

Gaming

Gig Economy

Marketplace

Banking

Crypto

Fintech

Forex

Gaming

Gig Economy

Reduce Fraud Without Blocking Growth

Shufti supports marketplace integrity by verifying seller and buyer identities, enabling age-gated journeys where needed, and preserving evidence to support investigations, disputes, and risk-led enforcement actions.

Learn More Try Now

Secure Trust at Every Transaction

Automate KYC and AML workflows to reduce manual onboarding costs. Strengthen residency checks while delivering the frictionless digital experience modern customers expect.

Learn More Try Now

Scale Your Exchange with Confidence

Balance anonymity with compliance. Instantly verify user jurisdiction to meet Travel Rule obligations and help stop abuse without slowing down legitimate trading volume.

Learn More Try Now

Accelerate Growth, Eliminate Friction

Onboard users in seconds, not days. Deploy tiered address verification flows that maximise completion rates for genuine users while filtering out synthetic fraud.

Learn More Try Now

Onboard Global Traders in Real-Time

Verify investors across 250+ countries & territories. Ensure compliance with international financial regulations while preventing identity theft and high-risk chargebacks.

Learn More Try Now

Power a Fair & Secure Player Experience

Reduce bonus abuse and multi-accounting rings at the door. Enforce location rules and trigger step-up checks without disrupting the player journey.

Learn More Try Now