Lessons from MiCA: Creating Risk Management Functions Under Turkiye’s New Crypto Laws

Some of us might have questions regarding the concepts of internal control, risk management, and internal audit, and the differences between them. In this blog, I will discuss these terms with the help of MICA and Turkiye’s new regulation.

I believe one of the most significant topics of recent times is the new regulations for crypto asset service providers in Turkey. Recently, the “Draft Law on Amendments to the Capital Markets Law” was presented to the Turkish Grand National Assembly, marking the first legal regulation regarding crypto assets. In this article, I will examine the expectations in the field of risk management and audit under the new crypto regulation, comparing it with the European Union’s Markets in Crypto-Assets Regulation (MiCA).

We will soon discuss the concept of the “three-line defense,” commonly used by risk management experts to describe the risk management structures within companies. First, looking at the regulation announced to the public, I noticed a strong emphasis on the concept of internal control. The regulation states that service providers must establish an internal control unit that…