The Complete Guide to Using AI in the Financial Services Industry in Turkey in 2025

AI is reshaping Türkiye's financial services in 2025 because it delivers real operational gains - fraud systems now scan ~40 million transactions daily and flag roughly 500 suspicious cases, and one bank reported a 98.7% cut in fraud losses over seven years - while regulators race to catch up: the National AI Strategy (NAIS) and its 2024–2025 Action Plan set priorities for talent, data and infrastructure even as the DTO's duties moved to the new Cybersecurity Authority and bodies like BRSA and KVKK apply existing rules to AI use, as explained in the Turkish Law Blog legal overview of AI developments in Türkiye Turkish Law Blog legal overview of AI developments in Türkiye.

Banks must also keep customer data in Türkiye and add binding clauses with AI vendors, so practical skills in prompt design, vendor governance and privacy-aware deployment matter - skills that Nucamp's Nucamp AI Essentials for Work bootcamp (registration page) teaches for real-world adoption.

The payoff is clearer customer service via chatbots and smarter credit, but success depends on governance, transparency and upskilling across the sector.

“This year's findings position Türkiye as a country with the potential to lead, not just catch up, in AI.”

The future of AI in Türkiye's finance sector will look less like a single silver-bullet technology and more like an orchestration of strengths - LLMs handling ambiguous, unstructured signals while traditional ML keeps score on tabular credit models - so banks can finally automate grunt work and surface high‑quality leads for human investigators; as practitioners report,

LLMs are already "investigative partners" that spot subtle invoice mismatches and even a fraud ring via recurring grammatical quirks. Read the Taktile case study: Taktile - LLMs as investigative partners in fintech fraud detection.

Expect rapid uptake of real‑time transaction scoring, behavioral biometrics and NLP for KYC/AML, plus retrieval‑augmented generation (RAG) to ground answers in bank data - tools that cut false positives and speed triage while keeping auditors happy (overview of leading AI use cases in finance: RTS Labs - Top AI use cases in finance).

The "so what?" is practical: with clear governance, human‑in‑the‑loop checks and privacy‑aware deployments, Turkish banks can turn generative AI from an expensive experiment into a predictable, auditable layer that finds fraud faster, automates back‑office workflows and frees skilled teams to focus on complex, high‑value decisions (see how long‑context LLMs power grounded financial analysis: AI21 Labs - Long‑context LLMs for grounded financial analysis).

Türkiye's AI policy for financial services in 2025 is best described as active but still patchwork: the National Artificial Intelligence Strategy (NAIS 2021–2025) and its 2024–2025 Action Plan set clear priorities on talent, data and standards, while institutional responsibilities shifted after Presidential Decree No.

157 (28 Mar 2025) dissolved the DTO and moved duties to the new Cybersecurity Authority; see the Turkey 2024–2025 Artificial Intelligence Action Plan for the specific measures to boost domestic R&D and data spaces Turkey 2024–2025 Artificial Intelligence Action Plan (R&D and data spaces measures).

Regulation remains largely sectoral and interpretive: BRSA and the Capital Markets Board apply existing banking and capital markets rules to AI, KVKK updated its AI recommendations (Apr 2025) and issued chatbot guidance (Nov 2024), and a June 2024 AI Bill in parliament sketches high‑level principles - safety, transparency, accountability - and possible registration and turnover‑based fines but leaves many sectoral details to secondary rules (White & Case Turkey AI Bill regulatory tracker).

For banks that already run systems scanning ~40 million transactions daily and flagging ~500 suspicious cases, the policy picture matters: data localization, binding vendor clauses and human‑in‑the‑loop obligations are the practical hooks that turn strategic aims into compliant, auditable AI deployments.

Türkiye's National Artificial Intelligence Strategy (NAIS 2021–2025), prepared by the Presidential Digital Transformation Office and the Ministry of Industry and Technology, frames AI as a national growth engine with six strategic priorities, 24 objectives and 119 measures designed to be a living, adaptive roadmap that balances prudence with speed; its headline targets are concrete - lifting AI's contribution to GDP to 5% and growing AI employment to 50,000 by 2025 - and the strategy pairs skills, data and infrastructure workstreams with governance tools (steering committees, sectoral co‑creation labs and a Public AI Platform) so public and private projects can scale.

The follow‑on 2024–2025 Action Plan adds sectoral detail and implementation steps - from clarifying intellectual property questions and patentability of AI tools to strengthening data governance and creating a Central Public Data Space - making the NAIS less theoretical and more operational for finance firms that need secure, auditable data flows.

The result is a pragmatic national playbook: ambitious numeric goals (50,000 AI roles, 5% GDP share) give the strategy teeth, while the twin emphasis on shared infrastructure and regulatory guidance aims to turn Turkish R&D and startups into deployable systems that banks and insurers can trust and procure.

Read the full NAIS and its measures on the official strategy resource and the legal summary of the Action Plan for the implementation details.

Public AI programming in Türkiye is built around TÜBİTAK's hands‑on funding and startup engines that push lab models into bankable products: the Artificial Intelligence Ecosystem Call (1711) reopened in 2025 to help companies turn home‑grown AI into commercial solutions - with 41 projects funded so far and 215,530,447 TL committed - and explicitly lists Financial Technologies among its five priority areas, requires a consortium including a customer firm, at least one SME technology provider and a university or public research centre, and opens applications via the TEYDEB/PRODİS portal starting 15 May 2025 (TÜBİTAK 1711 Artificial Intelligence Ecosystem Call 2025 - official announcement); complementary SME R&D support through the 1507 programme gives early founders generous grant rates (commonly ~75% support for SME projects with call‑specific caps and monitoring/reporting rules), while TÜBİTAK's BiGG investment channel and accelerator network convert proof‑of‑concepts into companies (101 entrepreneurs earned the 2025 Seal of Excellence in the BiGG 1st Call) and international partnerships (e.g.

the MSE‑MIGHT Grand Challenge) offer larger R&D grants (up to several million TL) for industry‑academia consortia; the practical takeaways for finance firms are clear - tap 1711 for productisation and vendor partnerships, use 1507 for SME R&D lift, and leverage BiGG/Grand Challenge routes for seed scaling and cross‑border R&D links, while planning for the multi‑year commercialization monitoring that TÜBİTAK applies to supported projects.

Türkiye's regulatory and institutional landscape for AI in finance in 2025 is best read as a pragmatic patchwork: the Digital Transformation Office's responsibilities were moved to the new Cybersecurity Authority after Presidential Decree No.

157 (28 Mar 2025), while sectoral supervisors - BDDK (BRSA) and the Capital Markets Board - are already applying existing banking and capital‑markets rules to AI-driven practices and amending rules (for example, remote ID and agent‑led actions) rather than waiting for a single AI law; for a legal primer see the Turkish Law Blog's overview.

At the same time the Personal Data Protection Authority (KVKK) has updated its AI recommendations (and earlier chatbot guidance) and finance firms must follow strict data‑localization requirements and binding vendor clauses so that customer data stays in Türkiye.

A June 2024 AI Bill sketches high‑level principles (safety, transparency, accountability) and contemplates registration and turnover‑based fines, but many sectoral obligations remain for secondary rules - White & Case's regulatory tracker captures this uncertainty while listing the agencies likely to wield indirect enforcement.

Practically, banks that already run systems scanning ~40 million transactions daily and flagging ~500 suspicious cases need clear vendor governance, human‑in‑the‑loop controls and a mapped liability strategy because current fault‑based regimes still leave gaps around who answers when an AI system harms customers.

“This seal, alongside our algorithmic accountability guidelines, assures citizens that AI-driven public services are effective, fair, and comprehensible.”

Practical AI adoption in Türkiye's finance sector is already moving from pilots to production with measurable results: retail and corporate banks use transaction‑scoring engines to cut fraud losses and free investigators, as Fibabanka did when it selected GBG Predator to block multi‑channel scams and recovered over US$450,000 in a single year while lowering false positives and enabling business users to author rules without scarce IT resources (Fibabanka GBG Predator case study); insurers have matched that operational focus, with Aksigorta using SAS's hybrid analytics to raise fraud detection by 66%, deliver a decision in eight seconds and pass premium savings back to customers (Aksigorta SAS real‑time detection case study).

Academic and vendor work underpin these wins: an ERP fraud study from Istanbul Aydın University shows a One‑Class SVM + CNN approach reaching 96.78% detection accuracy for enterprise systems, demonstrating that anomaly‑detection layers can be tuned for institutional data and integrated into back‑office workflows (ERP fraud detection study - Istanbul Aydın University).

The practical payoff for Turkish firms is clear - faster triage, fewer false positives, and auditable pipelines that let banks and insurers scale AI from a defensive filter into a trusted, operational layer that saves time and money.

“It used to take our investigators six months to expose cases of organized fraud. SAS allows us to do it in 30 seconds.” - Yalcin Terlemez, IT Division Manager, Aksigorta

Data protection sits at the center of trustworthy AI in Türkiye: the updated KVKK framework introduced in 2025 tightens consent, expands protected categories (now explicitly flagging biometric and genetic data as highly sensitive), and pushes organisations toward proactive risk management - mandatory data protection impact assessments, higher fines for breaches, and DPO appointments for large processors - so banks and fintechs using model training sets or chatbots must treat privacy as a first‑class engineering requirement rather than an afterthought.

The law reinforces purpose limitation and data minimisation, sharpens cross‑border transfer rules (Article 9 issues when foreign hosts process Turkish personal data), and adds subject rights such as portability and the ability to object to automated decisions; practical compliance therefore needs VERBIS registration, granular consent flows, and chain‑of‑custody logs for training datasets, as legal advisers note in their KVKK 2025 guide.

Sectoral AI rules layer on top: Türkiye's emerging risk‑based AI regime expects transparency, human‑in‑the‑loop safeguards and algorithmic auditing to prevent bias and discrimination, while chatbot guidance and sector notes clarify disclosure and logging obligations for conversational systems.

For financial firms, the “so what?” is simple - embed DPIAs, vendor clauses and audit trails into AI projects now or face heavier penalties and remediation duties later (see Alfa Law's KVKK 2025 compliance guide, KVKK's chatbot note, and Nemko's overview of AI regulation in Turkey for practical next steps).

Procurement and contracts are the operational linchpin for Turkish financial firms rolling out AI in 2025: expect tight data‑localisation and encryption clauses, clear SLAs with uptime and remediation timelines, audit and access rights for logs, and vendor warranties that assign responsibility for KVKK breaches and model faults - practical must‑haves reflected in Turkey's cloud and sector rules (BRSA permission for community clouds, CBTR verification for payment‑service providers) and the hands‑on guidance lawyers are already using in risk mapping (see the Q&A on cloud computing law in Turkey and Istanbul Law Firm's AI compliance briefing).

Due diligence should probe training data provenance, bias mitigation processes and the right to audit, while contracts must plan for continuity and data transfer on supplier insolvency (clauses often required where vendors access confidential data).

Include human‑in‑the‑loop obligations, explainability and DPIA deliverables, and turnover‑based termination/penalty triggers to mirror the AI Bill's proposed enforcement levers; law firms recommend embedding regular audit windows and remediation SLAs so a bank scanning ~40 million transactions a day keeps customer data in Türkiye and preserves an auditable chain of custody.

For practical negotiation checklists and vendor clause templates, counsel commonly draws on vendor‑risk playbooks and contract drafting checkpoints used by market practitioners.

“It used to take our investigators six months to expose cases of organized fraud. SAS allows us to do it in 30 seconds.”

Conclusion - a practical 2025 roadmap for Türkiye's financial sector: treat governance as the launchpad, not the finish line - embed DPIAs, human‑in‑the‑loop checks and explainability into high‑risk use cases, enforce strict data‑localization and binding vendor clauses, and pick a “sliding‑scale” scrutiny model so credit scoring and fraud engines get the highest controls while back‑office automation moves faster (the legal review of Türkiye's financial AI landscape outlines these regulatory realities and obligations Legal review: AI in Turkish financial services (Turkey AI 2025/26)).

Practically speaking, that means documenting provenance for training sets, mapping liability in contracts, and designing audit trails that survive vendor transitions - all urgent when systems already scan ~40 million transactions daily and flag ~500 suspicious cases, and one bank reports a 98.7% cut in fraud losses over seven years.

Pair governance with skills and infrastructure: pursue targeted upskilling (prompt design, RAG, vendor governance) and practical workplace training like the Nucamp AI Essentials for Work bootcamp registration, and invest in low‑latency, secure connectivity so models can run on compliant onshore data paths.

With clear contracts, staged oversight, robust DPIAs and workforce reskilling, Turkish banks and fintechs can move from costly pilots to auditable, high‑ROI AI that protects customers and regulators alike.

“Many companies have already made significant progress in their digital transformation journey. However, for cutting-edge technologies like AI to be truly integrated into business processes, robust, low-latency, and direct connectivity infrastructure is essential. This is where secure and dedicated connections – independent of the public Internet – come into play.” - Bülent Şen, DE‑CIX Türkiye Regional Director