Is a Company Liable for Employee Crimes in Turkey?

Table of Contents

• Introduction: The Dual-Risk Reality for Companies in Türkiye
• The Guiding Principle: Personal Criminality and Corporate Consequences
• Parallel Sanctions: Penalties for Individuals and the Company
  • Penalties for Individuals (Executives, Directors, and Employees)
  • "Security Measures" Against the Company
• Key Risk Areas Where Corporate Liability Often Arises
  • Bribery and Corruption
  • Fraud and Abuse of Trust
  • Anti-Money Laundering (AML)
• The Strategic Defense: Mitigation Through Robust Compliance
• Conclusion: Compliance as an Essential Condition for Survival

One of the most important things for any multinational firm doing business in the Republic of Türkiye is how much it is responsible for what its workers do. If a manager accepts a bribe or an employee commits fraud, is it only the person who is in trouble with the law, or can it go up the corporate ladder and put the whole organisation at risk? The answer under Turkish law is complicated but important: a corporation can't go to jail, but it may face harsh penalties that might put it out of business. This creates a dual-risk situation where both the person and the organisation are in jeopardy.

This article talks about the laws in Turkey that control corporate criminal responsibility, the kinds of punishments your firm might face, and the prudent actions you need to take to lower these significant risks.

The Guiding Principle: Personal Criminality and Corporate Consequences

The Turkish legal system is built on a foundational principle of civil law: criminal liability is strictly personal (şahsilik ilkesi). This means that, as a general rule, only a natural person (an individual) is considered capable of forming the criminal intent necessary to commit a crime. Consequently, only individuals can be subjected to traditional criminal sanctions like imprisonment. A corporation, being a legal entity, cannot be sent to jail.

However, this principle absolutely does not grant immunity to the corporation. Turkish law has a distinct and powerful mechanism for corporate accountability through a system of "security measures" (güvenlik tedbirleri). Article 20 of The Turkish Penal Code (TPC) explicitly states that while criminal sanctions are not for legal entities, specific security measures can be applied to them.

The crucial question becomes: when can the criminal act of an employee be attributed to the company? According to TPC Article 60, these security measures are triggered when a crime is committed for the benefit of a private legal entity by one of its "organs" (like a board of directors) or "representatives" (like an executive or manager).

The courts' evaluation extends beyond direct participation by senior management. A company can be held liable if its internal control systems failed to prevent the misconduct or if it effectively "turned a blind eye" to the illegal activity. This makes the existence of a robust and demonstrably enforced internal compliance program a central pillar of any corporate defense strategy. Furthermore, this liability is not confined to direct employees. A corporation can also be held accountable for the criminal acts of its third-party agents, suppliers, or subcontractors, for example, if a local agent pays a bribe to win a contract for the company. A failure to properly supervise these third parties can be sufficient grounds for corporate liability.

The Dual-Risk Reality: Sanctions for Individuals and the Company

A single instance of corporate misconduct can unleash two parallel streams of devastating consequences, one aimed at the individuals involved and the other at the company itself.

Penalties for Individuals (Executives, Directors, and Employees)

The individuals who perpetrate a crime remain fully exposed to severe penalties designed for strong deterrence. When a crime occurs within a company, its board members and executives are considered the primary suspects. These penalties include:

• Imprisonment: Turkish law mandates lengthy prison sentences for many white-collar offenses. Bribery, for instance, carries a penalty of four to 12 years, while aggravated fraud can lead to a sentence of up to ten years.
• Judicial Fines: Courts can impose significant personal fines. These are calculated on a daily basis, with the rate determined by the individual's financial situation. As of March 2024, the potential daily rate was increased to a range of 100 to 500 Turkish Lira, substantially raising the financial stakes of a conviction.

Security Measures Against the Company

While not classified as criminal penalties, the security measures imposed on the company can be catastrophic. They include:

• Revocation of License: This is one of the most severe measures. If a company used a license granted by a public authority (e.g., a banking, energy, or construction permit) to facilitate a crime, the court can revoke that license, effectively putting the company out of business in that regulated sector.
• Confiscation of Assets: The court can order the seizure of any financial gains or property connected to the crime, stripping the company of the proceeds of its illegal activity.
• Administrative Fines: Separate from judicial fines on individuals, administrative bodies like the Financial Crimes Investigation Board (MASAK) can levy huge monetary fines directly against the company for offenses like bribery, money laundering, and bid rigging.
• Debarment from Public Tenders: A company convicted of crimes like bribery can be banned from participating in public procurement processes, cutting it off from a major source of revenue.
• Dissolution: In the most extreme cases, a court can order the complete dissolution of the company, a "corporate death penalty" that ends its legal existence.

Key Risk Areas Where Liability Often Arises

While liability can stem from any crime committed for the company's benefit, certain offenses are particularly high-risk in the Turkish business environment.

Bribery and Corruption: The Turkish Penal Code’s anti-bribery provision (Article 252) is broad, covering the offering or giving of any "undue benefit" to a wide range of public officials to influence their duties. This includes not only government employees but also managers of publicly listed companies and even foreign officials and international arbitrators. Critically, Turkish law does not recognize an exception for "facilitation payments," meaning small bribes to expedite routine actions are likely to be prosecuted as bribery.

Fraud and Abuse of Trust: Offenses like aggravated fraud (dolandırıcılık), particularly when committed against public institutions or banks, carry severe penalties. A common charge against executives is "abuse of trust" (güveni kötüye kullanma), the private-sector equivalent of embezzlement, which criminalizes the misuse of entrusted company property or funds.

Anti-Money Laundering (AML): Türkiye's position on the Financial Action Task Force (FATF) "grey list" has spurred aggressive regulation and enforcement. All "obliged entities" (including banks, crypto-asset providers, real estate agents, and jewelers) must adhere to strict Customer Due Diligence (KYC), transaction monitoring, and Suspicious Transaction Reporting (STR) requirements enforced by MASAK. Failure to comply carries significant administrative and potential criminal risk.

The Strategic Defense: Mitigation Through Robust Compliance

Given that a company's liability often hinges on a failure of oversight, the most effective defense is a proactive and demonstrable commitment to ethical conduct. A well-designed and genuinely implemented corporate compliance program is not just a preventative tool; it is a critical piece of legal defense infrastructure. It allows a company to argue that any criminal act was the work of a rogue employee acting against clear corporate policy, rather than a systemic failure reflecting a corrupt corporate culture.

A defensible program must include several essential components:

• Clear, Tailored Policies: Unambiguous policies on high-risk areas like anti-corruption, gifts, and hospitality, with an absolute prohibition on facilitation payments.
• Tone from the Top: Demonstrable commitment to compliance from the board of directors and senior management.
• Effective Training: Regular, documented training for all relevant employees to ensure policies are understood.
• Secure Reporting Channels: A confidential whistleblower system for employees to report misconduct without fear of retaliation.
• Third-Party Due Diligence: Robust protocols for vetting and monitoring agents, suppliers, and partners to mitigate the risk of being held liable for their actions.
  When an allegation does arise, the company must be prepared to conduct a swift and legally sound internal investigation, carefully navigating Turkey's complex data privacy (KVKK) and labor laws.

In conclusion, a company operating in Türkiye can and will be held accountable for the criminal actions of its employees if those actions were for its benefit and enabled by a failure of corporate governance. The resulting "security measures" can be just as devastating as a criminal conviction. The line between a commercial dispute and a criminal crisis can be perilously thin, making a proactive, deeply integrated, and unwavering commitment to compliance not just a best practice, but an essential condition for survival.

Stay ahead of complex legal landscapes and protect your business. Visit Lawzana to access expert insights, in-depth legal guides, and sign up for a Lawzana membership today to join a global network of legal professionals to help you navigate your most critical challenges.