Banking supervision in Greece is regulated by the Single Supervisory Mechanism (SSM) which was established under EU Regulation 1024/2013. This Regulation confers powers on the European Central Bank (ECB) for the prudential supervision of credit institutions. Its operational framework is specified by Regulation 468/2014 establishing the framework for co-operation between the ECB, national competent authorities, and national designated authorities within the SSM. 

Under the above regulatory framework, the ECB has undertaken the direct prudential supervision of banks established in the eurozone and classified as significant, while the remaining institutions are supervised by national competent authorities under ECB guidance. The following Greek banks are subject to direct supervision by the ECB, in co-operation with the Bank of Greece (BoG):

• Alpha Bank SA;
• Eurobank SA;
• National Bank of Greece SA; and
• Piraeus Bank SA

Smaller institutions are subject to the prudential supervision of the BoG, which seeks to protect the soundness, financial health and stability of the financial system and ensure that banks do not undertake excessive risks that may endanger their performance. Prudential supervision includes assessing the solvency and liquidity of the banks, as well as the strategies, internal procedures and mechanisms implemented thereby to ensure compliance with the above EU regulatory framework as well as Law 4261/2014 (the Banking Law). It also monitors compliance with Regulation 575/2013 (CRR) and Level 2 measures on regulatory reporting, capital adequacy and liquidity requirements.

Moreover, in accordance with Law 4557/2018 as amended by Law 4734/2020, implementing Directives 2015/849 and 2018/843 on the prevention and control of money laundering and terrorist financing (the AML/CTF Law), the BoG is appointed as the competent authority for the supervision of compliance with AML/CFT provisions.

Finally, the Hellenic Capital Market Commission (HCMC) undertakes supervision of Greek banks with regard to the provision of investment services and related activities as well as compliance with requirements of Law 4514/2018, implementing the MiFID II Law. Furthermore, HCMC is the competent authority for market abuse for Greek banks with listed shares pursuant to the Market Abuse Regulation (Regulation 596/2014) and Law 4443/2016.

The core legal and regulatory framework governing the operation of banks in Greece comprises the following:

• SSM Regulation;
• SSM Framework Regulation;
• Single Resolution Mechanism;
• CRR;
• Sociétés Anonymes (SAs) Law (Greek Law 4548/2018) — the predominant legal structure of banks established and operating in Greece;
• Banking Law; and
• relevant acts issued by the BoG. Said BoG acts consist of BoG Governor’s Acts, BoG Executive Committee Acts, BoG Banking and Credit Committee Decisions and BoG Credit and Insurance Committee Decisions. They regulate the granting of banking licences, internal control systems and corporate governance issues, obligations arising from the AML/CTF Law, reporting obligations and transparency in banking transactions.

The following EU and Greek pieces of legislation supplement the core legal and regulatory framework described above:

• Directive 2014/59 (bank recovery and resolution or BRRD), transposed by Greek Law 4335/2015 (the BRRD Law);
• Directive 2014/49 (on deposit guarantee schemes),transposed by Greek Law 4370/2016; 
• Financial Action Task Force (FATF) recommendations and the relevant EU legal framework; 
• Greek Law 4537/2018, implementing Directive 2015/2366 (the PSD II Law); and
• the MiFID II Law.

Banks established and operating in Greece must be authorised by the BoG. Since 4 November 2014, all banks need authorisation from the ECB to operate in a member state which is part of the SSM, as is Greece. Natural or legal persons that are not qualified as credit institutions are prohibited from taking deposits or other repayable funds from the public.

In particular, Greek banks may be established and operable as: (a) SAs; (b) credit co-operatives; (c) European companies (societas Europaea); or (d) European co-operative societies. Greek SA banks — the predominant legal structure of banks established and operating in Greece — adhere to SA regulations, while banks in the form of credit co-operatives are regulated by Law 1667/1986. Moreover, banks may be licensed to perform all banking activities listed in Annex I of the CRD IV. These activities include:

• acceptance of deposits or other repayable funds;
• lending or granting of other credits including consumer credit, credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions (including forfeiting);
• financial leasing;
• payment services as defined in Article 4(3) of the PSD II Law;
• issuing and administering other means of payment (ie, travellers' cheques and bankers' drafts) insofar as such activity is not covered by the above point;
• guarantees and commitments;
• dealing on its own account or on account of customers in any of the following:

       a) money market instruments (cheques, bills, certificates of deposit, etc);

       b) foreign exchange;

c) financial futures and options;

       d)exchange and interest-rate instruments;

       e) transferable securities;

       f) participation in securities issues and the provision of services relating to such issues, in particular underwriting;

       g) advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertakings;

       h) money broking;

       i) portfolio management or advice;

       j) safekeeping and administration of securities;

       k) credit reference services, including customer credit rating;

       l) safe custody services;

       m) issuing electronic money; and

       n) investment services and activities as well as ancillary services provided for in the MiFID II Law.

The BoG may, in addition to the activities described in Annex I of the CRD IV, allow banks to carry out other financial or secondary activities, according to the applicable legislation, provided that the relevant risks are fully hedged.

In addition, a credit co-operative may conduct banking transactions solely with its members, other banks and the government. Subject to prior approval by the BoG, it may also carry out banking transactions with non-members, with a maximum amount allowed of 50% of its total loan or deposit business.

Licensing requirements include:

• full pay up the (i) initial capital equal to at least EUR18 million or EUR9 million in the case of third country branches, or EUR6 million in the case of banks and credit co-operatives licensed as banks, as well as (ii) any additional funds that may be required in order to ensure that, during its first three years in operation, the new bank's own funds meet the expected capital requirements and the minimum initial capital on a continuous basis;
• at least two persons effectively directing the bank’s business and participating as executive members of its board of directors (BoD);
• Greek banks need to have both their head office and registered office in Greece; and
• compliance with conditions for participation in the Hellenic Deposit and Investment Guarantee Fund (TEKE).

Licensing applications are exclusively submitted to the BoG which, via the provisions of the BoG Executive Committee’s Act 142/11.06.2018 as recently amended by BoG Executive Committee’s Act 178/2.10.2020, determines the contents thereof, the documentation and information required, the specific conditions and the licensing procedure to be followed. Where the BoG assesses that the legal conditions for licensing under the Banking Law are met, it proceeds to the submission of a proposal in the form of a draft licensing decision to the ECB. Alternatively, if per the BoG assessment the respective requirements are not met, the BoG rejects the licensing request. Unless the ECB objects, the BoG proposal is deemed to be adopted.

Applications for licensing must, inter alia, be accompanied with:

• a schedule of operations setting out the types of business envisaged and the bank’s structural organisation;
• information about the heads of the critical functions, including their identity, reputation, education, any criminal convictions, property, experience and training;
• details of the bank’s main operational and organisational arrangements (namely, the scope of business, time schedule for achievement of objects, group structure if applicable, as well as the structure of its internal control system, including the internal audit, risk management and compliance functions and procedures required for compliance with its organisational obligations; and
• draft Articles of Association (AoA).

Time and Cost Estimation

Where the BoG rejects a licensing application, it notifies the applicant of its decision,and the reasons thereof, within six months of its receipt. Where the application file is incomplete, the applicant must provide the missing information within twelve months from when the BoG receives the information. In any case, under the Banking Law a decision to grant or refuse licensing may be taken within 12 months from the receipt of the application.

Save for legal fees, or fees paid for advisers (ie, tax or finance), no statutory/regulatory fees are required for the submission of the respective licensing application to the BoG.

With regard to the establishment of EU or EEA-licensed banks, the Banking Law has fully implemented the single passport principle. Therefore, said banks that are licensed in their home member states may perform banking activities in Greece, either through an establishment or on a cross-border basis, subject to relevant notification sent to the BoG by the home member state regulator.

Finally, with respect to non-EU or non-EEA-licensed banks, pursuant to the Banking Law in conjunction with the MiFID II Law, such institutions may carry out banking activities in Greece, either through an establishment or on a cross-border basis, subject to obtaining a licence by the BoG. In such case, the provisions of BoG Executive Committee’s Act 58/18.1.2016 regarding the establishment and operation of branches of credit institutions established in third countries shall apply.

The terms and conditions for the acquisition or increase or decrease of a qualifying holding in a bank (ie, a direct or indirect holding in an undertaking which represents 10% or more of the capital or of the voting rights or which makes it possible to exercise a significant influence over the management of that undertaking) are laid down in the Banking Law, and are further specified in BoG Executive Committee’s Act 142/11.6.2018 (as amended by BoG Executive Committee’s Act 178/2.10.2020) and Banking and Credit Committee’s Decision 211/1/5.12.2005.

In particular, any natural person or legal entity deciding to directly or indirectly acquire or increase a qualifying holding in a bank, as a result of which either the proportion of the voting rights or the capital held would reach or exceed the thresholds of 20%, 50% or one-third, or so that the bank would become its subsidiary, must pre-notify the BoG in writing, indicating the size of the intended holding and the fulfilment of the conditions required by the BoG.

Under the Banking Law, pre-notification to the BoG is also required in case of an acquisition of a holding amounting to at least 5%. However, in this case the BoG will assess – within five working days – whether the holding will lead to a significant influence over the bank and, if so, will notify the proposed acquirer and conduct an assessment on the conditions required for the acquisition.

On assessment of the proposed acquisition, the BoG will prepare a draft decision for the ECB to oppose or accept, based on specific criteria. If the ECB does not oppose the intended acquisition within 60 days, it will be deemed approved.

In principle, the applicable regulatory process does not distinguish between a Greek and foreign acquirer, except for in:

• the extension of the assessment period to a total of 90 days, where the BoG requests additional documents from a proposed acquirer being situated or established in a third country or not subject to supervision under the CRD IV, the MiFID II, the EU Solvency II Directive (2009/138/EU), the EU Undertakings for the Collective Investment in Transferable Securities Directive (2009/65/EU); and
• the co-operation between the BoG and the national competent authorities of a foreign proposed acquirer.

In order to ensure the sound and prudent management of the bank in which the acquisition is proposed, the BoG will review the notification and all information provided, assess the suitability of the proposed acquirer and the financial soundness of the proposed acquisition and consider:

• the reputation and reliability of the proposed acquirer;
• the reputation, knowledge, skills and experience of the proposed new directors and key function holders;
• the financial soundness of the proposed acquirer;
• whether the bank will be able to comply with its prudential supervision obligations on a continuing basis; and
• whether there is any risk deriving from the proposed acquirer being tied to any money laundering or terrorist financing activities.

The proposed acquirer must accompany notification to the BoG with specific questionnaires and supporting documentation specified in the BoG Executive Committee’s Act 142/2018 as amended by BoG’s Executive Committee’s Act 178/2.10.2020.

The corporate governance regime applicable to banks is primarily set out in the Banking Law and supplemented by the BoG Governor’s Act 2577/2006, as in force. In terms of Greek banks whose shares are listed for trade on the Athens Stock Exchange, Law 3016/2002 on corporate governance of listed companies also applies, while the Sociétés Anonymes Law supplements the regulatory and corporate legal framework.

Pursuant to the Banking Law, banks are required to have:

• robust governance arrangements, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility;
• effective processes to identify, manage, monitor and report the risks they are or might be exposed to;
• adequate internal control mechanisms, including sound administration and accounting procedures;
• remuneration policies and practices that are consistent with and promote sound and effective risk management; and
• recovery plans.

Such arrangements, processes and mechanisms must be comprehensive and proportionate to the nature, scale and complexity of the risks inherent in the business model and the bank’s activities.

Along with the Banking Law, BoG Governor’s Act 2577/2006 sets out the minimum corporate governance requirements that all banks should satisfy. In particular:

• the BoD consists of executive and non-executive members, out of whom at least one should be a non-executive and independent member;
• subject to the bank’s size and the complexity of its activities, the BoD is assisted by the internal audit committee, the risk management committee, the remuneration committee and other ad hoc committees (such as the nomination committee); and
• the following units, which are independent from one another, should be established:

       a) an internal audit unit that reports to the internal audit committee;

       b) a risk management unit that reports to the risk management committee and the BoD; and

       c) a compliance unit that is subject to control by the internal audit unit; the compliance manager may be also appointed as AML officer.

In addition, pursuant to BoG Governor’s Act 2577/2006, each bank should have an organisational structure and processes that ensure:

• the appointment of officers authorised to communicate with the BoG and other authorities;
• crisis management;
• a business continuation (COB) plan;
• direct or indirect involvement of at least two employees in each activity (four eyes principle);
• separation of the duties and operations of the front line from the back office;
• the involvement of the internal audit, compliance and risk management units in each product programme or significant business decision;
• financing of BoD members or general managers on an arm’s-length basis; and
• appointment of external auditors for the assessment of the internal audit system at least once every three years.

With regard to outsourcing requirements, the BoG recently issued Executive Committee’s Act 178/5/2.10.2020, adopting the guidelines of the European Banking Authority (EBA) on outsourcing arrangements and abolishing the existing framework for outsourcing, laid down in Annex 1 to BoG Governor’s Act 2577/9.3.2006.

Under the new framework, banks are required to inform the BoG of their intended arrangements for the outsourcing of critical or important functions before they enter into any outsourcing agreement, but without the need for a relevant BoG approval. However, where it is judged that the relevant supervisory requirements are not met, the BoG may decide not to allow the outsourcing of functions or may request the termination of any outsourcing agreement in force.

Furthermore, banks are obliged to maintain a register of information on all outsourcing agreements, which shall be made available to the BoG, upon request, along with any other information necessary for the exercise of effective supervision.

BoD and Key Function Holders Regulatory Approval – Fit and Proper Assessment

BoD members as well as holders of a bank’s key functions are required to be of good reputation and to have adequate knowledge, skills and experience to be able to understand the bank's activities, including the main risks, and to act with honesty, integrity and independence. 

To that end, pursuant to the BoG Executive Committee’s Act 142/11.6.2018 as amended by the BoG Executive Committee’s Act 178/2.10.2020, in cases οf the appointment of a new BoD member, a key function holder or a AML/CTF Officer, the bank must notify the BoG in writing, completing and submitting the Annex II questionnaire: “Fit and proper assessment of members of the board of directors and key function holders”. The “fit and proper” assessment focuses on the suitability of the new appointed persons in relation to their duties, as well as their professional or family relations. This procedure does not replace the bank’s primary obligation to recruit competent and suitable executives.

If the persons to be appointed have already undergone a fit and proper assessment by the BoG or another supervisory authority, in connection with duties related to regulated activities of the financial sector in accordance with EU or other equivalent law, the BoG may waive the assessment and simply require notification of the identity of either such persons or simply the regulated legal person, reserving the right of consultation with the relevant supervisory authority.

Following their approval by the BoG, the BoD members are elected by the bank’s General Meeting of the Shareholders pursuant to the provisions of the Sociétés Anonymes Law, and their tenure cannot exceed six years.

BoD’s Roles and Accountability

The BoD defines, oversees and is accountable for implementing the governance arrangements ensuring the bank’s effective and prudent management. To avoid any cases of conflicting interests, the BoG deems it necessary for banks to adopt the international best practices and principles of corporate governance, particularly in respect of segregation of executive and supervisory functions of BoD members, including the segregation of the BoD chairman’s functions from the CEO’s executive functions.

The BoD is responsible for the consistent implementation of the following, among others:

• the bank’s strategic orientation, the reassessment thereof, and adoption of suitable policies aiming at ensuring an adequate and effective internal control system;
• the adoption of a suitable risk management policy, specifying the maximum risk exposure limits acceptable from time to time, as well as a regulatory compliance policy;the adoption of a Code of Ethics complied with by the bank’s management and its overall staff, on the basis of generally acceptable standards;
• the accuracy of the financial statements annually and periodically published by the bank and its group (if any), as well as the accuracy of the data submitted to the BoG and other regulatory authorities; and
• the bank’s operation in compliance with the legal framework, its internal regulations and corporate governance principles, taking the appropriate measures regarding the selection and replacement, if needed, of officers in key positions.

The Banking Law requires banks to have remuneration policy applying to the BoD members. Such provisions are further supplemented by the Sociétés Anonymes Law as well as the BoG Governor’s Act 2650/2012. Pursuant to such provisions, the remuneration policy must be in line with the business strategy, objectives, values and long-term interests of the bank, and must incorporate measures to avoid conflicts of interest.

The non-executive BoD members must adopt and periodically review the remuneration policy and are responsible for overseeing its implementation, which must be reviewed at least annually by the bank’s internal audit unit.

Furthermore, staff engaged in control functions must be remunerated in accordance with objectives linked to their functions, independent of the performance of the business areas they control, while remuneration of senior officers in the risk management and compliance functions must be directly overseen by the remuneration committee or by the non-executive BoD members.

The remuneration policy must clearly distinguish between criteria for setting basic fixed remuneration and variable remuneration, taking into account national criteria on wage setting.

Banks must provide the BoG with information on remuneration, including the number of natural persons per institution that receive EUR1 million or more per financial year.

Banks must comply with the applicable AML/CTF framework, namely the AML/CTF Law, BoG Banking and Credit Matters Decision 281/17.03.2009 (the AML/CTF Decision), FATF Recommendations including FATF Report on Covid-19-related AML/CTF Risks and Policy Responses, EBA’s guidelines and, finally, ministerial decisions, including the decision on the establishment of the National Beneficial Owners Registry.

AML/CTF requirements include validating the transaction and identifying the parties thereof to eliminate suspicions of questionable conduct or unknown, untraceable origins of assets. For this purpose, banks must establish appropriate AML/CTF policy and IT systems for the ongoing monitoring and detection of suspicious or unusual transactions and activities.

In view of the above, banks must apply due diligence measures to new and existing clients, high-risk individuals, Politically Exposed Persons (PEPs) and transactions executed without the client’s physical presence, among others. In principle, requirements of due diligence apply:

• when carrying out an occasional transaction amounting to EUR15,000 or more, or in cases where the transaction constitutes a transfer of funds exceeding EUR1,000;
• in the case of persons trading in goods, when carrying out occasional transactions in cash amounting to EUR10,000 or more, whether the transaction is carried out in a single or several operations that appear to be linked;
• when there is a suspicion of money laundering or terrorist financing, regardless of any derogation, exemption or threshold;
• when there are doubts about the veracity or adequacy of previously obtained data for the certification and verification of the customer or beneficial owner’s identity; and
• for electronic money or special prepaid instruments with a maximum payment transactions limit exceeding EUR150 in both cases.

Banks must assess the business relationship and continue to monitor on an ongoing basis, including scrutinising transactions, acting on the basis of risk assessment. Enhanced due diligence measures also apply when dealing with natural or legal persons established in the third countries identified by the European Commission as high-risk third countries as well as to transactions or business relationships with PEPs. In order to meet the due diligence requirements, banks are permitted to rely on third parties. Due diligence records must be kept for five years after the end of the business relationship with the client or five years from the date of a transaction.

When identifying a suspicious transaction, banks must:

• immediately report such transaction to the AML/CTF Authority (FIU);
• immediately provide all information requested by the FIU or other supervising authorities; and
• abstain from informing the client or any third party either that they have filed a report of a suspicious transaction or that they have received a request to provide information to any investigating authority.

Administrative sanctions are imposed in the event of a breach of AML/CTF obligations, including fines, cessation of business activities, suspension or withdrawal of operating licences and public announcement. The fine imposed may amount up to EUR5 million while an additional fine of up to EUR5 million may be imposed on BoD members, managing directors, managers or other employees.

To ensure compliance, the appointment of an AML/CTF Officer is required. Moreover, allocation of responsibilities and duties to the persons and units involved in the bank’s transactions and operations must be clear in order to ensure effective implementation of AML/CFT policy, procedures and controls and achieve compliance with the AML/CTF framework.

AML/CTF obligations, with respect to a parent credit institution, are performed by both its subsidiaries in Greece and abroad, and its branches and representative offices abroad, unless this is wholly or partly prohibited by the relevant foreign legislation, in which case FIU and the BoG must be notified.

Administration of the Hellenic Deposit and Investment Guarantee Fund (TEKE)

TEKE is the operator of the deposit guarantee and investment compensation schemes and the Resolution Fund for banks. TEKE is governed by Law 4370/2016 and is supervised by the Greek Ministry of Finance (MoF).

TEKE is responsible for:

• paying compensation to depositors in the event that deposits become unavailable;
• paying compensation to investor clients of banks when the latter become unable to fulfil their obligations towards them; and
• financing resolution measures applied to banks.

ΤΕΚΕ is composed of three separate schemes:

• the Deposit Cover Scheme (DCS) for coverage of depositors;
• the Investment Cover Scheme (ICS), for coverage of investor clients; and
• the Resolution Scheme (RS), for the financing of resolution measures.

DCS, ICS and RS are clearly distinct from each other and are separate property groups, each being solely earmarked for its respective purpose and serving such purpose in accordance with the provisions of the legislation in force.

Coverage by DCS is compulsory for:

• all Greek banks;
• foreign branches of Greek banks; and
• domestic branches of banks incorporated outside the EU.

It should be noted that branches of banks incorporated in another EU member state do not participate in TEKE, as they are covered by the Deposit Guarantee Scheme of the respective country in which their registered office is located (home member state).

DCS Funding

An initial contribution is required from banks joining the DCS and is payable within one month of the date on which they become members. New entrants in the DCS pay the initial contribution in three annual instalments by crediting the dedicated DCS account with the BoG. Regular contributions are paid annually. The key factors considered in the calculation of the annual regular contributions are the amount of covered deposits and the degree of risk assumed by each bank.

Extraordinary contributions are paid in the event that the available DCS funds are not sufficient to compensate depositors. Extraordinary contributions must not exceed 0.5% of the covered deposits of each bank per calendar year. In exceptional circumstances, higher contributions may be specified by decision of TEKE’s BoD with the consent of the BoG.

Extent of coverage under DCS

DCS covers deposits held by natural persons or legal entities, irrespective of the currency, such as:

• savings accounts;
• sight deposits;
• current accounts; and
• time deposits.

However, the following deposits are excluded from DCS coverage:

• deposits made by other banks on their own behalf and for their own account;
• banks’ own funds;
• deposits arising out of transactions in connection with which there has been a criminal conviction for AML/CTF; during the criminal proceedings, any compensation is suspended, until a final court ruling;
• deposits by financial institutions;
• deposits by investment firms on their own behalf and for their own account;
• deposits the holder or beneficiary of which has never been identified;
• deposits by insurance and reinsurance undertakings;
• deposits by collective investment undertakings;
• deposits by social security and occupational pension funds;
• deposits by public authorities as defined in Law 4270/2014;
• debt securities issued by a bank and liabilities arising out of own acceptances and promissory notes; and
• deposits by TEKE.

Compensation is paid in euro to beneficiaries of Greek banks and, with respect to depositors in foreign branches, in the currency of the country where the account is held.

The maximum level of coverage is EUR100 per depositor per bank (unless there is a case of additional coverage) for the total amount of their deposits, regardless of the number of accounts, including interest accrued by the date on which the deposit becomes unavailable. The reference date for the calculation of the repayable amount is the date on which the deposit becomes unavailable.

As regards banking secrecy and confidentiality, any information, data and transactions pertaining to a client’s banking relationship are of a confidential nature and subject to a general professional duty of confidentiality. These confidentiality obligations of general application derive from the general duties of loyalty and confidentiality that banks owe to their clients. Secrecy restrictions arising from this general duty of confidentiality may be waived with the client’s consent or approval to the extent that the relevant information does not relate to cash/securities deposits. While there are no specific rules that define such general duties of confidentiality on any banking transaction, deposits of any kind (both cash and securities) enjoy a higher degree of protection. As regards the latter, Greek legislation has followed a stricter approach, prohibiting disclosure in any manner by threatening criminal sanctions in case of violation.

In particular, the Greek Bank Secrecy Law (Legislative Decree 1059/1971) covers deposits of any kind (cash and securities) prohibiting disclosure of deposit-related information to third parties, even if the holders of the respective accounts have given their consent. The Greek Bank Secrecy Law applies to all banks operating in Greece, including foreign banks operating through a local establishment.

Banking secrecy obligations do not apply towards the BoG and solely for the purpose of exercising its competencies related to the banking supervision/regulation and to the implementation of monetary, financial and foreign currency rules. Moreover, banking secrecy is lifted in cases explicitly provided for in the law (eg, tax evasion).

The obligation to keep the confidentiality of deposits is imposed primarily over the persons who have access to clients’ accounts when performing their duties or assignments. In compliance with the generally acceptable principle of proportionality, these persons should not obtain more information than is actually needed in order to perform their duties. Any unnecessary disclosure such as granting access to persons with duties not related to the bank accounts should be avoided even within the operation and structure of a banking organisation.

Any breach may result in imprisonment for at least six months and civil liabilities towards the relevant account holders may be invoked. Authorisation or approval by the depositor benefiting from a bank's secrecy obligation does not revoke the punishable nature of the disclosure of information on deposits.

Capital Adequacy

The CRR and the CRD IV implementing the Basel III global regulatory standards on capital adequacy and liquidity provide the vast majority of the capital adequacy requirements applicable to banks. Specific liquidity requirements may be imposed by the BoG if considered necessary. There is a leverage ratio applicable to all banks which is calculated in accordance with the methodology set out in Article 429 of the CRR. Moreover, CRD IV provides for controls related to the measurement, monitoring and management of undertaken risks, coupled with detailed disclosure requirements (Pillar III). Within this framework:

• emphasis is given to Common Equity Tier 1 (CET 1) capital;
• the following capital adequacy minimum requirements are defined:

• for the CET 1 ratio, a minimum threshold of 4.5%;
• for the Tier 1 ratio, a minimum threshold of 6%;
• for the Total Capital ratio, a minimum threshold of 8%;
• banks maintain capital buffers comprising of CET 1 capital;
• banks monitor credit valuation adjustment (CVA) risk and maintain adequate capital;
• banks monitor central counterparty (CCP) risk;
• banks calculate a leverage ratio, for monitoring excessive leverage; and
• banks calculate a Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR) for monitoring liquidity risk.

On top of the above requirements, the Banking Law (Articles 121-130) has, following Basel III, introduced the necessary capital buffers.

More specifically:

• a capital conservation buffer equal to 2.5% of total risk exposure amount calculated in accordance with Article 92(3) of the CRR;
• an institution-specific countercyclical capital buffer of an amount calculated in accordance with Article 92(3) of the CRR multiplied by the weighted average of the countercyclical buffer rates; and
• a systemic risk buffer of CET 1 of at least 1% based on the exposures to which the systemic risk buffer applies can be introduced by the BoG for the financial sector or one or more subsets of that sector, in order to prevent and mitigate long-term non-cyclical systemic or macro-prudential risks not covered by the CRR.

For systemically important banks (SIFIs), each global SIFI (G-SII) must on a consolidated basis maintain a buffer corresponding to one of five sub-categories to which the G-SII is allocated by the BoG and which consists of CET 1 in addition to:

• the own funds requirement under CRR (Article 92);
• the capital conservation buffer requirement;
• any own funds requirement; and
• any institution-specific countercyclical capital buffer requirement (currently set at 0% for the fourth quarter of 2020 per BoG Executive Committee’s Act 177/2/16.09.2020).

Each other SIFI (O-SII) may be required by the BoG, on a consolidated or sub-consolidated or individual basis, to maintain an O-SII buffer of up to 2% of the total risk exposure amount calculated in accordance with the CCR (Article 92).

Where an O-SII is a subsidiary of either a G-SII or an O-SII which is an EU parent institution and subject to an O-SII buffer on a consolidated basis, the buffer that applies at individual or sub-consolidated level for the O-SII must not exceed the higher of:

• 1% of the total risk exposure amount calculated in accordance with CCR (Article 92); and
• the G-SII or O-SII buffer rate applicable to the group at a consolidated level.

Notwithstanding the above, in March 2020 the ECB announced, in a press release, a number of measures that temporarily permit the banks directly supervised by the ECB to deviate from the above — described as capital adequacy requirements, and due to the COVID-19 crisis. Pursuant to said announcement, banks may temporarily operate below the level of capital defined by the Pillar II guidance, the capital conservation buffer and the liquidity coverage ratio. Banks may also partially use capital instruments that do not qualify as CET 1 capital in order to meet Pillar II requirements.

In addition, the Banking Law requires a minimum paid-up initial capital of:

• EUR18 million for Greek banks;
• EUR9 million for branches of third-country banks; and
• EUR6 million for Greek credit co-operative banks.

These thresholds may be adjusted by the competent authority to amounts of no less than EUR5 million.

On 23 July 2015, BRRD was transposed into Greek law and came into force by virtue of the BRRD Law.

The BRRD is part of the Single Rulebook ie — the CRR, CRD IV, the BRRD and Directive 2014/49/EU (Deposit Guarantee Schemes Directive or DGSD) — which sets a uniform regulatory framework for credit and financial institutions operating in the EU for the purpose of completing the single market in financial services. Specifically, BRRD governs the EU financial services market and establishes a reference framework for the recovery and resolution of credit institutions and investment firms.

Designation of National Resolution Authorities and Funds

The national resolution authorities designated by virtue of the BRRD Law are the BoG, with respect to credit institutions, and the HCMC with respect to investment firms.

The Resolution Scheme of TEKE is designated as the national resolution fund for ensuring the effective implementation of the resolution tools in respect of banks. As far as investment firms are concerned, the respective functions are performed by the Athens Stock Exchange Members’ Guarantee Fund.

The national resolution authorities are granted with a wide range of resolution powers, including the power to request from all supervised institutions any available information, to carry out dawn raids and to impose fines and administrative sanctions. In discharging their duties, the national resolution authorities will work further in close co-operation with their counterparts at EU level, namely the Single Recovery Mechanism and the Single Recovery Fund.

In deviation from the provisions of BRRD, the consent of the MoF is required for the exercise of various powers delegated to the national resolution authorities (including giving effect to the bail-in tool).

Resolution Measures

Pursuant to the BRRD Law, with respect to Greek banks, the BoG has been designated as the national resolution authority, and the Resolution Scheme of TEKE as the national resolution fund.

The powers provided to the said competent Greek authorities are divided into three categories:

• preparation and prevention with preparatory steps such as recovery plans, while the BoG prepares a resolution plan for each bank;
• early intervention with predetermined measures at an early stage so as to avoid insolvency; and
• resolution, if insolvency of an institution presents a concern with regard to general public interest.

In the context of the BRRD Law, the BoG has the power to apply a set of resolution tools individually or in combination, in case certain trigger conditions for resolution are met as follows:

• the determination that the bank is failing or is likely to fail;
• there is no reasonable prospect that any alternative private sector measures or supervisory action taken in respect of the bank would prevent the failure of the latter within a reasonable time frame; and
• a resolution action is necessary in the public interest.

The said resolution tools are the following:

• the sale of business;
• the bridge institution,the asset separation (which may be used only in conjunction with other tools); and
• the bail-in tool.

Additionally, in adverse conditions of a systemic crisis, extraordinary public financial support may be provided through (additional) financial stabilisation tools, which consist of public equity support and temporary public ownership (Articles 57 and 58 of the BRRD Law). 

The application of the above measures is subject to certain conditions and requirements whereas, for the purposes of selecting the appropriate tool, the national resolution authorities should take a wide range of factors into consideration (eg, the feasibility and the credibility of the bank in resolution).

The Bail-in Tool

In brief, use of the bail-in tool in the context of a potential recapitalisation of a bank means that financial assistance will be drawn from the national resolution fund for the restructuring of such bank's liabilities.

Pursuant to Article 44 of the BRRD Law, applying the bail-in tool to draw funds from TEKE in favour of a Greek bank requires that:

• a contribution to loss absorption amounting to at least 8% of the total liabilities of the bank (including own funds) is made by common shareholders, holders of other instruments of ownership, holders of capital instruments and holders of other eligible liabilities and takes effect through write-down, conversion or otherwise; and
• the contribution of TEKE does not exceed 5% of the total liabilities of the bank (including own funds).

Bank deposits that undergo a recapitalisation procedure are guaranteed up to EUR100,000; under exceptional circumstances, uninsured (eligible) deposits held by natural persons or small and medium-sized enterprises might be excluded in whole or in part from the application of write-down or conversion powers.

Ranking of Claims

By virtue of the BRRD Law, as in force, a new Article 145A was introduced into the Banking Law determining the ranking of claims upon special liquidation of a bank. More specifically, in accordance with Article 145A, as amended by virtue of Laws 4340/2015, 4346/2015 and 4438/2016, the following claims are ranked preferentially in the following order:

1. claims under point (v) from Article 154 of the Bankruptcy Code (namely, claims deriving from the provision of food to the debtor, his or her spouse and his or her children, if such costs arose during the last six months prior to the declaration of bankruptcy);
2. Greek State claims arising in case of recapitalisation by the Greek State of banks pursuant to Articles 57 or 58 of the BRRD Law;
3. claims deriving from guaranteed deposits;
4. any type of Greek State claim aggregated with any surcharges and interest charged on these claims;
5. the following claims:
6. claims of the resolution fund, in case of provision of financing to the institution;
7. claims deriving from eligible deposits to the extent that they exceed the coverage threshold for deposits of natural persons and micro, small and medium-sized enterprises;
8. claims deriving from investment services that are covered by TEKE;
9. claims deriving from eligible deposits to the extent that they exceed the coverage limit and do not fall under point (e) above; claims deriving from deposits exempted from compensation pursuant to Article 11 of Law 3746/2009, which, however, do not include deposits falling under points 3, 14, 15 of this provision; and
10. all claims that do not fall within the above listed points and are not subordinated claims as per the relevant agreement, including liabilities under loan agreements and other credit agreements, agreements for the supply of goods or for the provision of services or from derivatives.

NPLs

As a result of the debt sovereign crisis of the past 12 years (2008-20) the Greek political, economical and social environment has changed dramatically. Amendments to the insolvency law, implementation of an out-of-court process, improvements to the judicial system, and creation of a special servicing sector are some of the developments that have contributed most, lowering the ratio to 40% as of 2019. The aim of the banks, according to their business plans shared with the SSM for 2019 to 2021, was the reduction of their NPLs by EUR55 billion.

In 2019, the fundamentals and prospects of the Greek economy improved, positively affecting the financial system. However, the COVID-19 pandemic crisis disrupted global financial stability and reversed the growth prospects of the Greek economy for 2020, which until then had been benign. Concurrently, the pandemic crisis heightened short and medium-term risks for the Greek banking sector. Pursuant to the BoG’s predictions, the economic repercussions of the COVID-19 pandemic are expected to take their toll on banks’ asset quality once again via the creation of new NPLs. This impact cannot be accurately measured as yet due to, inter alia, the debt moratorium applicable until the end of the year. This is as per the decisions made by banks in the context of measures put in place to support households and non-financial corporations adversely impacted by the pandemic.

In the context of the NPLs reduction objective, the Hercules Asset Protection Scheme (HAPS), a plan similar to Italy’s Garanzia sulla Cartolarizzazione delle Sofferenze model, was legislated in December 2019 by the Greek Parliament (Law 4649/2019). The HAPS provides the Greek government a guarantee against consideration for the benefit of holders of the most senior class of asset-backed securities issued by securitisation special purpose vehicles, in the context of transactions involving the disposal of NPLs originated by Greek banks. The HAPS aims to facilitate raising resources in the context of securitisation transactions and make this funding option more attractive for third-party investors. It is a scheme that is expected to clean up around EUR30 billion of bad loans from the banks' balance sheets. Greek banks are already in the process of making use of the HAPS by offloading part of their delinquent loans. One systemic bank has already completed a securitisation transaction.

Nonetheless, based on BoG staff estimates, the NPL ratio is estimated to reach approximately 25%, remaining the highest in the EU and a multiple of EU and SSM averages.

EU Banking "Quick Fix" Regulation

On 26 June 2020, Regulation (EU) 2020/873 was published in the Official Journal of the EU (OJ), amending the CRR and the revised Capital Requirements Regulation (CRR II) (the CRR “quick fix” Regulation). The CRR “quick fix” Regulation, forming part of the EU’s response to the COVID-19 pandemic, applies as of 27 June 2020, with the exception of the amendments to the calculation of the leverage ratio, which will apply from 28 June 2021. Briefly, the CRR “quick fix” Regulation:

• extends, by two years, the transitional measures for the implementation of IFRS 9;
• amends the CRR II discretion to disallow the exclusion of central bank debt from a leverage ratio, which would be effective from June 28 2021, to be a one-off assessment at the point of drawdown;
• delays the implementation of the leverage ratio buffer requirement for G-SIBs, provided for in CRR II, from January 1 2022 to January 1 2023;
• ensures that non-performing loans guaranteed or counter-guaranteed by the public sector receive the beneficial risk-weighting extended to export credit;
• brings forward the implementation date of the software asset deduction exemption, which is an exemption from the requirement to deduct certain software assets from CET 1 capital, making it available from the date the related technical standards enter into force; and
• changes the application date from June 2021 to June 2020 of the measure lowering the capital cost for retail loans, introduced by CRR II for loans granted by banks to pensioners or employees with a permanent contract against the unconditional transfer of part of the borrower’s pension or salary, changes to the SME supporting factor and the new infrastructure supporting factor.

New AML/CTF Framework

By the end of 2020, the following regulatory developments on AML/CTF are expected.

• The implementation of the new AML/CTF Legislation (Directive (EU) 2018/1673, the AMLD VI) — expected to be implemented by 3 December 2020 and applicable from 3 June 2021. Implementation of AMLD VI shall harmonise the definition of AML/CTF across the EU with the goal of removing loopholes in the domestic legislation of member states. In more detail, as a response to changing criminal methodologies and legislative priorities, AMLD VI provides a harmonised list of the 22 predicate offenses that constitute AML/CTF, including certain tax crimes, environmental crime and cybercrime. The inclusion of cybercrime as a predicate offense is significant since it is the first time it has been featured in this context in an EU money laundering directive; and
• The replacement of the BoG AML/CTF Decision.

Compliance with COVID-19 Measures

The current sanitary crisis has forced banks to comply with a number of anti-COVID-19 measures and amend their policies and procedures accordingly while taking digitalisation initiatives. Such measures include:

• establishment of procedures for social distancing and remote working (smart working); and
• implementation of thermal cameras and the testing of body temperature procedures.

The implementation of the aforesaid measures has a significant impact on banks’ data protection policies which must be amended accordingly to reflect new requirements while maintaining the enhanced confidentiality and data protection obligations required pursuant to the provisions of the General Data Protection Regulation (EU/679/2016) and Law 4624/2019 in implementation thereof.

COVID-19 Suspension and Support Measures

The Greek Banks Association announced suspension measures with respect to performing loans granted to businesses directly affected by COVID-19. In particular, payment of relevant instalments is suspended until the end of 2020. During this period, debtors shall only pay interest on their loans and no payments of principal will be made.

Moreover, a state aid scheme has been introduced in the form of guarantees granted by the Hellenic Development Bank (HDB), for eligible working capital loans. The guarantee covers 80% of the eligible costs — outstanding balance, interest and levy of Law 128/1975 — for term loans (including bond loans) meeting certain eligibility criteria. The newly established COVID-19 Guarantee Fund of the HDB will be responsible for the implementation of the scheme, which will be co-financed by the EU structural funds (ESIF).The HDB also introduced an interest subsidy scheme for businesses affected by COVID-19, for working capital loans granted by banks.

Banks are also obliged to facilitate debtors directly affected by the measures imposed by the government due to the sanitary circumstances. Such measures include:

• communication with debtors in order to record the affected households and businesses;
• provision of settlement proposals and customised solutions, including reduction or suspension of instalments payable for a three-month period;
• immediate suspension of payment of instalments for a three-month period for debtors who are eligible for the EUR800 special purpose compensation;
• suspension of any communications relating to any payments in arrears with debtors who claim a proven severe and factual inability to perform their payment obligations; and
• instruction of external partners, such as debt notification companies and legal offices, to fully synchronise the content and frequency of their direct communications with debtors regarding the above actions.