AN IMPORTANT TOOL IN THE FIGHT AGAINST FINANCIAL CRIME: NATIONAL RISK ASSESSMENT
This article was published in the Economy Newspaper on July 22, 2025, in the opinion column.
Every country strives for a strong, secure, and fully competitive economic environment. However, there is a serious threat that quietly undermines all of this: money laundering and terrorist financing.
You may think these concepts have no bearing on your daily life. However, when criminal groups easily obtain criminal proceeds and can readily integrate and use them within the system, or when funds are transferred to dangerous organizations that disrupt your country’s order, the impact is felt everywhere: from rising housing prices, an unstable investment environment, declining employment, to the weakening of social trust and peace. These effects can be short- or long-term.
How do countries protect themselves against these risks?
Countries are engaged in a series of national and international efforts to combat these risks.
One of the most important tools used in this fight is the National Risk Assessment (NRA). To effectively combat these risks, countries must first understand them. This is where the National Risk Assessment (NRA) comes into play. Guided by the Financial Action Task Force (FATF), which sets global standards for combating money laundering (ML) and terrorist financing (TF), the NRA helps countries identify, assess, and understand the specific risks they face.
It may sound very technical, but it plays a major role in keeping your savings safe, protecting society, and keeping your country connected to the global economy.
What is a National Risk Assessment (NRA)?
We can think of the NRA as a country’s financial health check. We measure which areas are risky, our vulnerabilities, and the consequences using appropriate methods. We determine the measures that need to be taken to mitigate these risks.
Within a risk-based approach, it involves taking enhanced measures in areas where risks are higher and simplified or fewer measures in areas where risks are lower.
Is NRA a requirement?
NRA is not only a good management practice; it is an international obligation.
The FATF (Financial Action Task Force), which plays a leading role in the global fight against financial crime, requires each country to draw up its own risk map and develop appropriate measures.
Countries that fail to meet this obligation face the risk of being blacklisted. This directly leads to a decline in foreign investment, damaged trade relations, and undermined economic confidence.
NRA is not only a good management practice but also an international obligation. The FATF (Financial Action Task Force), which plays a leading role in the global fight against financial crime, requires each country to develop its own risk map and take appropriate measures in accordance with its Recommendations 1 and 2. Countries that fail to understand and manage their risks may face serious consequences, such as being placed on international blacklists that could harm trade, investment, and the economy.
What is the purpose of NRA?
To combat these crimes, it is first necessary to understand them, see their magnitude, and prioritize them. This is precisely what NRA does.
The main objectives of NRA are as follows:
Seeing where threats come from, i.e., understanding the risk: Revealing how and by whom ML/TF can be carried out.
Prioritizing: Focusing limited resources on the most important threats and vulnerabilities.
Identifying Vulnerabilities: Determining which sectors are most vulnerable.
Developing Policy: Providing information for the design of effective AML/CFT laws, regulations, and oversight.
Raise awareness: Increase risk awareness among stakeholders, including the private sector.
Comply with international standards: Demonstrate to the FATF and other institutions that the country understands its risks and addresses them effectively.
What are the prerequisites for the NRA process?
Political commitment to implement the NRA
A comprehensive, national mechanism to assess risk
Appropriate scope definition and target setting
Information and data collection
How does the NRA process work?
There is no standard procedure for every country. Each country adapts the NRA process to its own circumstances, but the FATF
Guidelines approach is as follows:
Step 1: Preparation and Interagency Cooperation
The Financial Intelligence Unit (MASAK in Turkey) is usually tasked with coordinating the NRA process. Goals, timelines, and working groups are defined, and responsibilities are assigned. The necessary data sources are identified.
Step 2: Identification of threats
The magnitude of the threat is determined by analyzing criminal activities that generate criminal proceeds.
Step 3: Identification of vulnerabilities
Gaps in the financial system, oversight deficiencies, and regulatory gaps are examined.
Step 4: Risk analysis and assessment
The country’s internal risks are identified by combining threat and vulnerability assessments, taking into account both the quantity and quality of the data used.
Step 5: Results and Risk Ranking
Each sector or activity is ranked as high, medium, or low based on its risk level. Specific gaps or weaknesses in the AML/CFT countermeasures framework are highlighted. This allows countermeasures units to know where to focus their efforts.
Step 6: Communication and Use
Once risks are identified, strategies are developed to close gaps and strengthen protections. The results obtained are integrated into policies to combat money laundering and terrorist financing, as well as into oversight and enforcement efforts. To increase transparency and awareness, the NRA Report is published, at least in summary form.
What are the key principles of effective NRA implementation?
Effective NRAs must involve a wide range of institutions, such as financial supervisory authorities, law enforcement agencies, judicial bodies, and customs administrations.
Decisions must be data-driven. Therefore, accurate and relevant data is crucial. Where data is limited, expert opinions can fill the gaps.
The process should be carried out in cooperation with the private sector. Financial institutions, non-financial businesses, and professional associations provide useful information during the process. They play a critical role in evaluating the findings.
Countries’ risk situations change over time. Therefore, the NRA should be updated at regular intervals.
What are the outputs of the NRA?
When implemented effectively, the NRA provides tangible benefits:
Regulatory and supervisory authorities can focus their audits on high-risk sectors. This makes audits more targeted.
It paves the way for improving laws and regulations:
It increases awareness among obligated parties and keeps them alert.
Sharing risk findings can improve information exchange between countries. This enables more effective international cooperation.
Banks and businesses can adjust their internal controls to align with national priorities. Their audit quality improves.
A well-implemented NRA is a critical component of a country’s mutual evaluation.
It enhances the country’s international reputation.
Our country’s Current National Risk Assessment Report has been published:
The National Risk Assessment process, which addresses our country’s vulnerabilities and risk assessment, has been completed. In this context, the summary for 2025, which is suitable for public disclosure, was shared with the public as of July 1. You can access the report here. (https://masak.hmb.gov.tr/ulusal-risk-degerlendirmesi)
What is the basis of the NRRA and which institution prepares it?
The NRRA process is carried out under the coordination of MASAK, affiliated with the Ministry of Treasury and Finance, with the contribution of many public institutions and private sector representatives.
This work is also part of Turkey’s 2021-2025 National Strategy Document, implemented under Presidential Decree No. 2021/16.
How was the NRA preparation process carried out?
The NRA report was prepared based on a methodology developed and updated during the process by the Threat and Vulnerability Working Groups, taking into account FATF standards and within the framework of the FATF’s NRA Preparation Guide. Analysis studies were also conducted using quantitative methods related to the AML/CFT threats and vulnerabilities identified within the scope of the ML/TF risk analysis. The NRA Report, prepared largely based on data from the 2021-2024 period, was finalized following the Threat and Vulnerability Working Group meetings held on May 21 and 22, 2025, and approved by the Ministry of Treasury and Finance on June 27, 2025.
What methods were used to identify our prominent AML threats in the 2025 NRA Report? What are our risk points?
As part of the analysis of KA risks, predicate offenses that were primarily assessed as money laundering threats were identified, the frequency of these offenses was evaluated, and the extent to which these offenses acted as predicate offenses for KA crimes was determined. The results obtained were then matched with the findings of the vulnerability analysis specific to each offense, thereby first calculating the natural KA risks. Subsequently, the positive impact of measures classified as mitigating measures was evaluated to arrive at residual risk values, thereby quantifying and categorizing ML risks. Within this framework, observations related to a total of 40 criteria and scenarios were evaluated to arrive at the ML risk analysis results.
Accordingly, medium-to-high ML risks are listed below:
| ML Threats | Risk Level |
| Fraud Crimes | High |
| Illegal Betting and Gambling | Medium – High |
| Drug Trafficking | Medium – High |
| Theft and Robbery | Medium – High |
Fraud is the most prominent crime group in money laundering investigations and convictions for this crime. In particular, it has been observed that the crimes of “aggravated fraud” regulated in Article 158 of the Turkish Criminal Code are more susceptible to money laundering.
In addition, it is understood that different types of fraud have emerged with technological developments, and cases of fraud involving the use of computer systems and banking and credit institutions as tools for laundering fraud proceeds and the misuse of crypto asset transactions are noteworthy.
Illegal betting and gambling crimes
The majority of activities related to this crime group are carried out through illegal betting/gambling sites accessible via the internet. Third-party accounts may be used to launder the proceeds obtained from these sites, and it has recently been understood that virtual POS transactions can also be misused for money laundering purposes.
Drug manufacturing and trafficking crimes are crimes that generate high amounts of illegal income for criminal organizations. In addition, the income generated from this crime is among the important sources of financing for terrorist organizations. Turkey is a crucial route for the smuggling of products such as heroin, opium derivatives, and methamphetamine, as well as a transit and destination country for synthetic drugs produced in Europe and shipped to Asia, and the smuggling of chemicals used in the production of these substances. While there has been an increase in money laundering through banking and crypto asset transactions in recent times, real estate purchases have traditionally been used to launder proceeds from this crime.
Theft and robbery crimes stand out, particularly because theft crimes against property are the most frequently committed crime group in our country. However, compared to fraud crimes, these crimes are largely committed by individuals or small groups of perpetrators in our country. In recent years, partly due to the establishment of specialized courts, there has been an increase in money laundering cases where the predicate offense is theft and robbery. It has been observed that money laundering activities are primarily carried out through traditional methods, such as acquiring assets for the purpose of conversion or concealment.
How were the TF threats highlighted in the 2025 NRA Report identified? What are our risk points?
Within the scope of TF risk analysis in the NRA process, organizations assessed as terrorist threats were first identified. The activities of these organizations were evaluated to determine their impact in terms of TF crime. The results obtained were matched with the findings of the vulnerability analysis specific to terrorist organizations; in this way, natural TF risks were first calculated. Subsequently, the positive impact of measures classified as mitigating measures was evaluated to arrive at residual risk values, thereby quantifying and categorizing TF risks. Within this framework, observations related to a total of 40 criteria and scenarios were evaluated to arrive at the TF risk analysis results.
The TF Risk Analysis results are summarized in the table below.
| TF Threats | Risk Level |
| FETO | High |
| PKK/KCK-PYD/YPG | High |
| Terrorist Organizations Exploiting Religion (El Kaide, DEAŞ) | High |
What methods were used to identify vulnerability points?
Sub-working groups called “Risk Analysis Working Groups” were established within the Vulnerability Working Group to assess the sectoral risk levels of the obligated groups. In addition to representatives of relevant public institutions and organizations, representatives from professional associations specific to the obligated sector or, depending on the situation, professional associations also actively participated in the Risk Analysis Working Groups. Ultimately, 8 Risk Analysis Working Groups were established for the Banking, Crypto Asset Service Providers, Insurance, Capital Markets, Financing, Savings Financing, Factoring, Financial Leasing, Asset Management, Payment and Electronic Money Institutions, Authorized Institutions, Jewelry, Real Estate, and Art Dealers sectors.
Methods and approaches used in the risk analysis of financial institutions
In the risk analysis of obligated sectors conducted in the context of risk analysis working group activities or separately collected data related to the sector:
In the first stage, the risks of the obligated parties in the categories of “Customer Risk,” “Service/Product/Transaction Risk,” “Geographical/Country Risk,” “Distribution Channel Risk,” and “Structural Risk” were identified, the impact and probabilities of these risks were determined, and natural risk scores were calculated.
In the second stage, mitigating measures taken by obligated entities to eliminate natural risks and the methods of implementing these measures were determined.
In the third stage, the effects of mitigating measures used to reduce natural risk were examined.
In the fourth stage, other risk factors that were not included in the first three stages but are important in terms of risk analysis were also included in the analysis. In this context, the results of audits conducted in previous years, suspicious transaction reports, company size, degree of institutionalization, etc. were included in the analysis.
Methods and approaches used in the risk analysis of non-financial institutions
Since non-financial business and professional groups are very diverse, the methods used to analyze each obligated group may differ at this stage. Within the scope of the activities of the Risk Analysis Working Group established under the Fragility Working Group, joint assessments were made regarding the real estate, jewelry, and art dealing sectors.
Interpretation of sectoral vulnerability analysis results
As a result of the sectoral vulnerability analysis findings, a risk assessment consisting of 15 criteria was carried out for financial and non-financial business and occupational groups to ensure that the risk scores of all sectors could be obtained comparatively within the framework of common criteria. In this context:
Sector size,
Product and service diversity,
Obligation audits,
Detected violations,
Assessments regarding the effectiveness of audits,
Suspicious transaction reports sent by the sector and received about the sector,
Frequency of actual ML/TF cases in the sector,
Training activities,
Risk findings were quantified and a ranking of risky sectors for 23 sectors was obtained, taking into account the assessments of the Risk Analysis Sub-Working Group gathered within the scope of the Vulnerability Working Group.
What are the key vulnerabilities highlighted in the 2025 NRA Report?
Based on the risk assessments conducted, the following are the vulnerable sectors where we have weaknesses in combating ML/TF.
| Sectors | Risk Level |
| Banking | High |
| Crypto Asset Service Providers (CASP) | High |
| Payment and E-Money Institutions | Medium – High |
| Jewelers | Medium – High |
| Exchange Offices | Medium – High |
| Real Estate | Medium – High |
The banking sector has been subject to risk assessment in terms of its active size in the financial sector, the variety of transactions it mediates, and the frequency with which it is seen in actual AML/CFT cases. The risk perception here stems from the natural risk of the sector, and the sector’s high level of compliance with and awareness of preventive measures reduces this risk.
The crypto asset service providers sector has a rising risk level due to its rapid growth in recent times, the relatively recent completion of regulatory work on licensing/entry conditions for the sector, the ongoing transition periods, and its frequency in recent actual ML/TF cases. This risk has been observed particularly in fraud and illegal betting crimes on the ML side; it has been understood that the misuse of crypto assets for laundering drug proceeds has increased. On the TF side, evidence of crypto asset use by almost all terrorist organizations has been found in recent times. Stable crypto assets have been assessed as being more susceptible to misuse for TF purposes.
Payment and electronic money institutions sector: In the context of product and service diversity in the sector, the risk of money transfer and electronic money activities is considered high; risks arising from virtual POS activities are also considered relatively high, while the risk of bill payment and mobile payment activities is considered relatively low. In this context, the sector’s risk is classified as medium-high.
The jewelry sector has been assessed as medium-high risk, particularly due to its heavy reliance on cash transactions and the high prevalence of ML risks inherent to its nature, primarily fraud, drug trafficking, migrant smuggling, human trafficking, and theft.
Exchange Offices sector: For Exchange Offices, high-volume transactions and currency exchange involving multiple countries stand out as prominent risk factors. The sector is also susceptible to abuse in the context of unregistered money and value transfer activities. This risk is particularly evident in money laundering and TF cases linked to smuggling. In this context, the sector’s risk is considered medium-high.
Real estate sector: In Turkey, the sale of over 1 million homes annually in recent years increases the sector’s risk in the context of almost all predicate crimes linked to ML. Money laundering through real estate purchases stands out among the traditional money laundering methods observed in the country. Taking into account other assessments collectively, the sector’s risk has been assessed as medium-high.
Risks related to non-profit organizations
Associations
The supervision of associations is carried out within the framework of Law No. 5253. In this context, the supervision of associations for the purpose of combating ML/TF is carried out by the General Directorate of Relations with Civil Society within the framework of risk-based supervision methodologies first prepared in 2020 and updated at regular intervals.
Although the risk of the sector being exploited for terrorist financing is considered low, certain parts of the sector (such as humanitarian aid associations operating in conflict zones) appear to face relatively higher risks.
During the analysis period, it was observed that some civil society organizations operating abroad and various platforms that appear to be associations were using social media to raise funds.
Foundations
The assessment indicates that the procedures for establishing foundations in Turkey largely prevent their exploitation for AML/CFT purposes. It is understood that almost all foundations comply with their disclosure obligations under the relevant legislation. These obligations also cover donations received or sent; cash donations must be made through banks. In this context, the risk is considered low for all types of foundations.
What is the overall assessment of the NRA Report?
The NRA study observed an increase in ML cases, particularly through the use of new technologies, and TF cases through social media abuse during the analyzed period, and found that the dominant sectors were similar to the previous NRA findings. In this context, it was observed that sectors facilitating fund transfers and asset acquisition stood out as risky in terms of natural AML/CFT risks; the impact of this risk was mitigated within the framework of sectoral compliance activities.
National Risk Assessments help shed light on the dark corners of countries’ economies. This is not merely a bureaucratic exercise. It is vital that stakeholders in both the public and private sectors understand and support the NRA process in order to create a more reliable economic environment and a secure future.
The next time you hear about “financial crime” or “anti-money laundering regulations,” remember this: behind the scenes, there is a team working to map risks and combat them more effectively.
