The principal laws and regulations governing the Greek banking sector are the following.
Depending on the type of services offered to clients, credit institutions should also comply with other laws of the financial sector, including:
In addition to the laws of the banking sector, Greek credit institutions should also comply with other laws, including Law 4548/2018 on sociétés anonymes, Law 4706/2020 on corporate governance of listed entities, as applicable, as well as Regulation (EU) 2016/679 (“General Data Protection Regulation”) and Law 3471/2006.
The above laws are supplemented by acts issued by the Bank of Greece (BoG), including the BoG Governor’s Act 2501/2002, as amended and currently in force, on the information that credit institutions must provide to their customers, the BoG Governor’s Act 2577/2006 on the organisational requirements and internal control functions of credit and financial institutions, the BoG Act 392/31.05.2021 on the revision of the Code of Conduct under Greek Law 4224/2013, the BoG Executive Committee Act 178/2020 as regards the outsourcing of activities, the BoG Executive Committee Act 229/10.05.2024 on the determination of the initial capital structure for the issuance of an incorporation and operation license, as well as guidelines issued by the European Central Bank (ECB), the European Banking Authority (EBA) and other EU authorities.
The BoG is the national competent authority supervising the banking sector and exercising prudential supervision over Greek credit institutions. However, within the Single Supervisory Mechanism (SSM), the ECB directly supervises the following significant credit institutions authorised in Greece:
Less significant credit institutions are supervised directly by the BoG, which is the competent authority for overseeing entities of the financial sector, including payment institutions, credit companies and credit servicing firms.
The BoG is also the national resolution authority and, along with the Single Resolution Board (SRB), is established within the Single Resolution Mechanism to exercise the resolution powers. The SRB is competent for the credit institutions supervised directly by the ECB.
In addition, the BoG is also responsible for supervising the compliance of credit institutions with the AML/CFT framework.
The Hellenic Capital Market Commission (HCMC) is the competent authority for monitoring the compliance of credit institutions with Law 4514/2018, with respect to investment services, with the exception of certain areas which remain under the authority of the BoG.
The HCMC is also responsible for monitoring compliance with market abuse legislation, including Regulation (EU) 596/2014 (“MAR”) and Law 4443/2016, which supplements the MAR in Greece.
Credit institutions established and operating in Greece must be authorised by the ECB, which co-operates closely with the BoG. Τhe authorisation of credit institutions in Greece is one of the “common procedures”, as defined in Regulation (EU) 468/2014 (“SSM Framework Regulation”) (ECB/2014/17), on which the final decision lies with the ECB.
Greek credit institutions may be licensed to perform all banking activities listed in Annex I of CRD IV (“universal licence”), namely:
As regards MiFID II services, credit institutions may also provide these in relation to DLT financial instruments (ie, financial instruments under Law 4514/2018, which are issued, registered, transferred or stored by the use of blockchain).
In addition to the above, the BoG may allow credit institutions to carry out other financial or ancillary activities, provided that the relevant risks are fully hedged.
Natural persons or legal entities that are not licensed credit institutions are prohibited from taking deposits or other repayable funds from the public. Moreover, the provision of credit/financing, in a professional capacity, is a regulated activity in Greece, which is allowed only to duly licensed credit institutions or certain financial institutions (such as Greek authorised credit companies).
EU licensed credit institutions may perform banking activities in Greece on the basis of the EU passport – ie, through their right to establishment or on a cross-border basis, provided that the EU licensed credit institution notifies the home member state’s authority that, in turn, transmits the notification to the BoG. If the EU credit institution wishes to establish a branch in Greece, the branch will be subject to certain local requirements (including the Greek AML framework).
Authorisation Process
The authorisation of a credit institution in Greece by the ECB/BoG is subject to the requirements set out in Law 4261 as supplemented by the BoG Act 142/11.6.2018, as amended and in force, as well as other BoG acts.
For a legal entity to be licensed as a credit institution, it must have at least the following:
The licensing application must be accompanied, inter alia, by the following.
Following the BoG’s assessment of the licensing application, the BoG proceeds to the submission of a proposal (ie, a draft decision) to the ECB, which takes the final decision. Otherwise, if the BoG considers that the requirements have not been met, the BoG will reject the licensing request.
Timing and Cost Estimates
According to Law 4261 the BoG/ECB must revert to the applicant with a decision (ie, to grant or refuse the licensing application) within six months from receipt of the application, which may be extended to within 12 months of receipt of the application.
No fees are required to be paid by the applicant for the submission of the application to the BoG. However, applicants should take into account the fees paid to legal counsel and financial/technical advisers, as well as their participation in the deposit guarantee scheme.
Requirement to Notify the BoG
Any natural person or legal entity (or persons acting in concert) that has decided either to acquire, directly or indirectly, a qualifying holding in a credit institution (ie, at least 10% of the share capital or of the voting rights) or to further increase, directly or indirectly, such a qualifying holding in a credit institution as a result of which the proportion of the voting rights or of the capital held would reach or exceed 20%, 33.33% (one-third), or 50%, or so that the credit institution would become its subsidiary, must notify the BoG in advance in accordance with the qualifying holding process set out in Law 4261.
Documents Required
The proposed acquirer must submit a notification to the BoG accompanied by certain questionnaires and required supporting documents in relation to the persons/entities that will acquire (directly or indirectly) a qualifying holding in the credit institution. In certain cases, a business plan that must contain a minimum set of information should also be submitted by the proposed acquirer.
Assessment by the BoG
The BoG will assess whether the potential acquisition complies with all regulatory conditions and will prepare a draft decision which is submitted to the ECB. The ECB will thereafter decide whether or not to oppose the acquisition on the basis of its assessment of the proposed acquisition and the BoG’s draft decision. In terms of timing, the regulators will assess the proposed acquisition within 60 business days from the date of the written acknowledgement of receipt of a complete file. This can be extended up to 90 business days from the receipt of a complete file.
Other Qualifying Holdings
A person may be deemed to be acquiring a qualifying holding even in circumstances where they acquire less than 10% of the shares and voting rights, since the definition of qualifying holding also includes cases where a proposed acquirer is deemed to exercise a “significant influence” over the management of a credit institution. Under Law 4261, a prior notification to the BoG is also required with respect to the acquisition or increase of a holding that would reach or exceed 5% in the share capital or voting rights of a Greek credit institution. The BoG will, thereafter, conduct an ad hoc assessment and decide, within five business days, whether such acquisition or increase will constitute a significant influence, and if so, it will notify the proposed acquirer and carry out an assessment in light of the qualifying holding process.
Credit institutions are also subject to reporting requirements to the BoG (on becoming aware of any acquisitions or disposals of holdings which cause holdings to exceed or fall below the relevant thresholds, or where a change occurs, or on an annual basis).
The Transparency Directive
Besides the aforementioned qualifying holding approval process, notification requirements under Law 3556/2007, as amended and in force (Law 3556) implementing the Transparency Directive (Directive 2004/109) in Greece, might be also triggered as regards the acquisition of significant shareholdings in entities whose shares are traded on a regulated market (noting that the majority of the significant Greek credit institutions are wholly owned by financial holding companies which are listed on ATHEX). The shareholders should notify the issuer and the HCMC of the percentage of voting rights held by them if they directly or indirectly acquire or dispose of the shares of the issuer carrying voting rights and if, as a result of that acquisition or disposal, the percentage of their voting rights reaches or exceeds or falls below the applicable thresholds (ie, 5%, 10%, 15%, 20%, 25%, 33.33 % (one-third), 50% and 66.66% (two-thirds)) or reaches, exceeds or falls below the aforementioned applicable threshold as a result of corporate events changing the breakdown of voting rights or on the basis of information disclosed by an issuer. A notification obligation also lies with any shareholder who holds voting rights exceeding 10%, if such percentage changes by 3% or more, following acquisition or disposal of voting rights or other corporate events altering the breakdown of voting rights. New changes exceeding 3% create a new notification obligation.
The Competition Law
Additional requirements may be also triggered under the competition law.
Credit institutions are subject to corporate governance requirements stemming from Law 4261, which is supplemented by the BoG Governor’s Act 2577/20.3.2006 as amended and in force, which sets out the internal organisation and governance requirements that all Greek credit institutions must comply with. Other BoG acts must also be taken into account for specific requirements (such as outsourcing requirements, information and technology security arrangements, etc). EBA guidelines on internal governance (EBA/GL/2021/05) have not been implemented as such into Greek law, but the BoG has confirmed that it will comply with them.
More specifically, credit institutions must have robust governance arrangements, which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility; effective processes to identify, manage, monitor and report the risks they are or might be exposed to; adequate internal control mechanisms, including sound administration and accounting procedures; and remuneration policies and practices that are consistent with and promote sound and effective risk management. Diversity policies must be adopted within the context of the policies to be part of the nomination policies and procedures applicable to BoD members, senior managers and key function holders.
Such arrangements, processes and mechanisms must be proportionate to the nature, scale and complexity of the risks inherent in the business model and the credit institution’s activities.
Greek credit institutions must have the following in place.
Code of Conduct Under Greek Law 4224/2013
Greek credit institutions must also comply with the requirements (including organisation requirements) stemming from the BoG Act 392/31.05.2021 on the revision of the Code of Conduct under Greek Law 4224/2013 when providing credit to customers.
Hellenic Corporate Governance Code
In addition, Greek credit institutions that are listed on the ATHEX must also comply with the corporate governance requirements of Greek law 4706/2020. In June 2021, a new Hellenic Corporate Governance Code (“the Code”) was issued by the Hellenic Corporate Governance Council for listed companies. The Code is voluntary and facilitates the formulation of corporate governance policies and practices, which listed companies must follow depending on the characteristics of each company.
Code of Ethical Conduct
Finally, the BoD must adopt a Code of Ethical Conduct applied by the management and all the staff of the credit institution on the basis of generally accepted principles (diligence, efficiency, responsibility, professional secrecy, etc).
The members of the BoD and senior management are proposed by the nomination committee to the BoD or the shareholders’ general meeting, respectively, on the basis of suitability criteria including their honesty, integrity and independence of mind promoting the diversity of the management bodies. Senior management (including the key function holders) is finally appointed by the BoD, whereas directors are elected by the shareholders’ general meeting.
“Fit and Proper” Assessment
The BoD members and the senior managers of Greek credit institutions must meet specific suitability requirements and are subject to “fit and proper” assessment by the BoG/ECB (as the case may be) to assess that the BoD members and senior managers are of sufficiently good repute and possess sufficient knowledge, skills and experience to perform their duties and act with honesty, integrity and independence of mind.
The BoD must also possess adequate collective knowledge, skills and experience to be able to understand the credit institution’s activities, including the main risks. The overall composition of the BoD will need to reflect an adequately broad range of experience.
The key function holders – namely, the head of internal audit, head of risk management, head of compliance, chief financial officer, internal audit committee’s members and money laundering reporting officer (MLRO) – are also subject to the above criteria and the “fit and proper assessment” by the BoG/ECB (as the case may be). The fit and proper assessment shall be carried out by virtue of BoG Act 224/21.12.2023.
More specifically, the persons appointed to hold any of the above positions must submit to the BoG, through the credit institution, a completed questionnaire on the “fit and proper” assessment of the BoD members and key function holders.
BoD Roles and Accountability
The BoD defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of the credit institution, including the segregation of duties in the organisation and the prevention of conflicts of interest. Such arrangements are in line with the following principles:
The remuneration requirements applicable to Greek credit institutions are in line with the provisions of CRD IV (as amended), which have been transposed into Law 4261.
According to Law 4261, when establishing and applying the remuneration policies for categories of staff whose professional activities have a material impact on the credit institution’s risk profile, credit institutions should apply the requirements in a manner that is appropriate to their size, internal organisation and the nature, scope and complexity of their activities.
The staff whose professional activities have a material impact are the following:
In addition, credit institutions should conduct a self-assessment each year, in order to identify all staff whose professional activities have or may have a material impact on the credit institution’s risk profile.
The requirements under Law 4261 are supplemented by Greek Law 4548/2018 on sociétés anonymes, the newly introduced BoG Act 231/1/15.07.2024 transposing in Greece EBA Guidelines on sound remuneration policies which repeals Annex 9 of the BoG Governor’s Act 2577/2006, as amended.
Credit institutions must adopt remuneration policies and practices that promote sound and effective risk management and do not encourage risk taking that exceeds the level of tolerated risk of the institution. More specifically, credit institutions must adopt remuneration policies for all staff as part of their internal governance arrangements and remuneration policies for identified staff (ie, staff whose professional activities have a material impact on the credit institution’s risk profile). In particular, for identified staff, the alignment of remuneration incentives with the credit institution’s risk profile is crucial. Credit institutions should operate a gender-neutral remuneration policy.
The remuneration policy should specify all components of remuneration and also include the pension policy, covering, where relevant, the framework for early retirement, as well as the ratio between fixed and variable pay. In addition, credit institutions should consider which requirements of the remuneration policy on variable remuneration for identified staff should be included in the remuneration policy for all staff; the policy must be consistent with the objectives of the institution’s business and risk strategy, including ESG related objectives.
The non-executive BoD members must adopt and periodically review the remuneration policy and are responsible for overseeing its implementation.
Credit institutions are also subject to reporting obligations toward the BoG.
Greek credit institutions are subject to the Greek AML/CFT legislation, which is in line with the EU AML/CFT legislation. More specifically, the main legal basis is the Greek Law 4557/2018 on “prevention and combatting of money laundering and terrorist financing and other provisions”, as amended and in force (“the AML Law”). This implements the following in Greece: Directives 2015/849/EU (4th AML Directive), 2018/843/EU (5th AML Directive) and 2018/1673/EU and Decision No 281/5/17.3.2009 of the BoG’s Banking and Credit Committee specifying the obligations of credit, financial and payment institutions under the AML Law, as amended and in force (“the AML Decision”). The Greek legal framework is supplemented by other BoG acts as well as by laws and guidelines adopted at an EU level (such as EBA Guidelines on ML/TF risk factors and customer due diligence).
More specifically, Greek credit institutions are required to adopt AML policy and procedures in accordance with the Greek AML/CFT legislation. These include model risk management practices, customer due diligence, reporting, employee screening, record-keeping, internal control and compliance management, such as the appointment of an MLRO (and their deputy) on the basis of their integrity, status, academic background, experience in the relevant field and credit institution’s operations. One BoD member must also be designated as the member responsible for the credit institution’s compliance with the applicable AML/CFT framework.
In addition, Greek credit institutions must carry out customer due diligence (CDD) measures when establishing a business relationship, when carrying out occasional transactions exceeding certain thresholds, when there is a suspicion of money laundering or terrorism financing, as well as when there are doubts about the identification data previously obtained. CDD also involves the ongoing monitoring of the business relationship. In the context of the CDD measures, the verification of the relevant data of natural persons may be carried out either on the basis of original documents issued by reliable and independent authorities, or, with the explicit and special consent of the natural person, through the transmission of such documents via the electronic platform “eGov-KYC” of the Single Digital Portal of Public Administration. In addition to the eGov-KYC platform, a new platform “eGov-Know Your Business” was set up.
The Hellenic Deposit and Investment Guarantee Fund (HDIGF or, in Greek, TEKE) is the operator of three distinct schemes:
TEKE is governed by Greek Law 4370/2016, as amended (Law 4370), which transposes into Greek law, among others, the Directive on Deposit Guarantee Schemes (Directive 2014/49/EU). TEKE is supervised by the Ministry of Finance.
According to Law 4370, all Greek credit institutions (including their foreign branches) and Greek branches of credit institutions incorporated outside the EU must become members of the deposit coverage scheme held with TEKE. Such participation automatically activates the participation of credit institutions in the TEKE resolution scheme.
Branches of credit institutions incorporated in another EU member state do not participate in TEKE, as they are covered by the Deposit Guarantee Scheme of the respective member state where their registered office is located (home member state). Participation in the investor compensation scheme, which is another department of TEKE, is also mandatory for Greek credit institutions. However, Greek branches of EU member states’ credit institutions may also request to participate in the investor compensation scheme of TEKE for supplementary coverage.
Covered Deposits
TEKE covers deposits held by natural persons or legal entities, irrespective of the currency (eg, deposits in savings accounts, current accounts and time deposits). However, certain deposits are not eligible and are therefore excluded from the coverage protection, namely:
The maximum level of coverage is set to EUR100,000 per depositor, per credit institution (irrespective of the number of deposit accounts held in the credit institutions, the currency of such deposits and the location of such deposit accounts) with certain limited exemptions where the compensation may be up to EUR300,000 (eg, for sale or expropriation of private residential property, payment of a lump-sum retirement benefit or periodical pension benefits, compensation due to termination of employment, etc).
Funding of Scheme
An initial contribution must be paid by credit institutions joining the Deposit Compensation Scheme (DCS) of TEKE, within one month from the date on which they become members, which is calculated on the basis of Law 4370 and in any case cannot be higher than 8% of the credit institution’s own funds. New members pay the initial contribution in three annual instalments by crediting the dedicated DCS account with the BoG. Regular contributions are paid by credit institutions on an annual basis. The key factors to be considered for calculating the annual regular contributions are the amount of covered deposits and the degree of risk assumed by each credit institution. Within 20 calendar days from the beginning of every year, each credit institution must transmit to TEKE an annual list with the amount of its covered deposits as at the last day of each calendar quarter of the preceding year. By 30 September every year, credit institutions must also submit to TEKE the data specified by TEKE and refer to the last day of the preceding year, for the purpose of determining the degree of risk assumed by that credit institution. Extraordinary contributions are paid if the available funds of the DCS are not sufficient to compensate depositors. Extraordinary contributions must not exceed 0.5% of the covered deposits of each credit institution per calendar year. Higher contributions may be specified by a decision of TEKE’s BoD, with the consent of the BoG.
Capital Adequacy Requirements
The CRR and CRD IV (transposed into Law 4261) set out the capital adequacy requirements for credit institutions implementing, to some extent, the respective Basel III standards. Law 4799/2021 has transposed CRD V and BRRD II in Greece. As set out above in 1.1 Key Laws and Regulations, the EU Commission adopted the latest banking package in relation to the capital and prudential regime for credit institutions (CRR 3 and CRD VI), in order to be fully aligned with the Basel III framework.
Credit institutions are required to have a minimum paid-up initial capital of EUR18 million. The capital resources that a credit institution is required to maintain may be constituted by a mixture of common equity Tier 1 Capital, Additional Tier 1 Capital and Tier 2 Capital. The CRR contains detailed legal and technical requirements for eligibility of capital instruments. As regards liquidity requirements, the CRD IV and CRR, as amended, provide for quantitative liquidity standards, including the liquidity coverage ratio (LCR) and the net stable funding ratio (NSFR).
In particular, credit institutions must at all times satisfy the following own-funds requirements (which are expressed as a percentage of the credit institutions’ total risk exposure):
Buffer Requirements
The CRR 2 also introduced a leverage ratio buffer requirement for institutions identified as global systemically important institutions (G-SIIs), to be applicable as of 1 January 2023. On 16 February 2021, the EU Commission issued a report and concluded that it does not consider it appropriate to introduce a leverage ratio surcharge for other systemically important institutions (O-SIIs) for the time being.
The combined buffer requirement includes the capital conservation buffer, the counter-cyclical capital buffer, the G-SIIs buffer, the O-SIIs buffer and the systemic risk buffer. Α capital conservation buffer of 2.5% of a credit institution’s total exposures should be maintained so that credit institutions are able to avoid breaches of minimum capital requirements during periods of stress. In the context of its macro-prudential supervision, the BoG is responsible for setting the counter-cyclical capital buffer rate for Greece on a quarterly basis.
From 1 January 2016 until 2024, the BoG has kept the counter-cyclical capital buffer rate for Greece at 0% (ie, at the lowest end of the permissible range), thus not affecting the capital requirements of credit institutions. However, the BoG recently adopted act 235/2/7.10.2024, providing that the counter-cyclical capital buffer rate will be set at 0.25% as of 1 October 2025.
The O-SII buffer consists of common equity Tier 1 Capital and its rate is set by the BoG at a level of up to 2% of the total risk exposure amount and is reviewed at least once a year. The BoG has defined that the four Greek systemic credit institutions qualify as O-SIIs (and should comply at a solo level, while their parent financial holdings should also comply at a consolidated level) and set the applicable O-SII buffer rates (1 – for Eurobank Ergasias Services and Holdings S.A. at consolidated level – and 1.25% for all O-SIIs for 2024 and for 2025). The BoG has decided not to activate the systemic risk buffer and the global systemic institutions buffer. The BoG has additional macro-prudential tools to apply towards credit institutions. In this respect, in March 2024, the Bank of Greece enacted binding borrower-based measures (BBMs) for loans and other credit to natural persons secured by residential real estate (RRE) located in Greece, which become applicable on 1 January 2025.
Supervisory Review and Evaluation Process
Credit institutions are required to assess the adequacy of their own capital through the Internal Capital Adequacy Assessment Process, which is then subject to review by the regulator in the context of the Supervisory Review and Evaluation Process (SREP) where the results from the stress tests are also assessed. The BoG or the ECB may impose additional capital requirements in the context of the SREP assessment, if such evaluation reveals major deficiencies or in other cases provided by law. In particular, the Pillar Two requirement (P2R), which is determined on the basis of the SREP, is a credit institution-specific capital requirement which applies additionally in order to cover risks that are underestimated or not covered by the minimum capital requirement. The capital the ECB or BoG asks credit institutions to keep based on the SREP also includes the Pillar Two Guidance (P2G), which indicates to credit institutions the adequate level of capital to be maintained to provide a sufficient buffer to withstand stressed situations. Unlike the P2R, the P2G is not legally binding.
Additional Own Funds Requirements
Following the transposition of the CRD V into Greek law, the competent authority may impose additional own funds requirements in accordance with Articles 104a et seq. In addition, credit institutions are obliged to set their internal capital at an adequate level of own funds sufficient to cover all the risks expected to be covered by a credit institution, and to ensure that the credit institution’s own funds can absorb potential losses resulting from stress scenarios, including those identified under the supervisory stress test. Guidance on additional own funds is provided to credit institutions by the competent authorities. The quantitative capital requirements under CRD IV and CRR are supplemented by the obligation under the BRRD as amended by BRRD II for credit institutions to satisfy at all times a minimum requirement for own funds and eligible liabilities (“MREL”), which is determined by the competent resolution authority on an annual basis (on a credit institution-specific basis). The target for the MREL requirement (as determined under the BRRD II by the resolution authority) is composed of a loss-absorption amount (LAA), which includes the sum of the Pillar One requirement and the Pillar Two requirement as determined by the competent authority, and any requirement in relation to the leverage ratio and a recapitalisation amount (RCA). Greek credit institutions have already taken initiatives to meet the MREL by the end of 2025 (ie, they have issued in recent years Additional Tier 1 capital instruments (AT1) and Tier 2 capital and senior unsecured bonds, which are also an additional source of funding).
Resolving a Failing Credit Institution – Resolution Measures
Greek Law 4335/2015, as amended (Law 4335), incorporated the provisions of Directive 2014/59/EU (BRRD) into Greek legislation and set out the legal framework for the recovery and resolution of credit institutions. This was amended, in 2021, by Law 4799/2021, transposing the BRRD II into Greek law. The BRRD (as amended by BRRD II) is, in general, in line with the FSB Key Attributes of Effective Resolution regime, which is a soft law.
In the case of a credit institution failure, the provisions of Law 4335 are applicable. More specifically, the credit institution’s BoD, which considers the credit institution to be failing or likely to fail on the basis of certain objective criteria, must notify, without undue delay, the BoG in accordance with Law 4335 and the Bank of Greece Act No 111/2017.
At an earlier stage in the deterioration of a credit institution’s financial conditions, the resolution authorities may adopt one of the early intervention measures provided in Law 4335 (eg, to require the BoD of the credit institution to implement one or more of the arrangements or measures set out in the recovery plan or to require one or more members of the management body to be removed or replaced). The BoG has already endorsed the EBA guidelines on recovery plan indicators (BoG 222/1/2.11.2023). In addition, the competent resolution authority may take a resolution action where all the following conditions are met, regardless of whether an early intervention measure has been adopted:
In particular, the resolution authorities may use one or more of the following resolution tools:
Other measures can be used to the extent that they conform to the principles and objectives of the resolution set out under the BRRD. In circumstances of extraordinary systemic crisis, the credit institution’s resolution may, as a last resort, involve government financial stabilisation tools consisting of public equity support and temporary public ownership tools. These measures would nonetheless only become available if certain conditions are met, including that the credit institution’s shareholders and creditors bear losses equivalent to 8% of the credit institution’s liabilities.
A special commissioner may be appointed by the resolution authorities to replace the BoD of the credit institution under resolution.
Principles – Protection of Depositors
When applying the resolution tools and exercising the resolution powers, the resolution authorities should take into account certain principles provided under the BRRD, including that:
In any case, the eligible deposits held with the credit institutions will be protected up to EUR100,000 (covered deposits) and are therefore excluded from the scope of application of the bail-in tool.
If the credit institution’s authorisation is revoked, the credit institution will be mandatorily placed under a special liquidation in accordance with Law 4261. The provisions of the Greek Bankruptcy Code (Law 4738/2020, as amended) may apply additionally to the provisions of the special liquidation of a credit institution, to the extent that they do not contradict Article 145 et seq of Law 4261 or any delegated BoG acts. Article 145a of Law 4261 provides the hierarchy of claims in the special liquidation of credit institutions. Law 3458/2006, as amended, incorporates Directive 2001/24/EC in Greece and provides for the special liquidation procedure applicable to credit institutions.
The shift towards a greener and more sustainable economy has become a key priority at a global and EU level. Following the publication of the 2030 Agenda for Sustainable Development by the UN General Assembly (in 2015), setting out the core sustainable development goals (SDGs), the EU Commission took these SDGs into account in the next steps towards a sustainable EU future, and presented the European Green Deal in 2019, part of which is a European green investment plan that aims to establish a framework to facilitate the public and private investments needed for the transition to a climate-neutral, green, competitive and inclusive economy. A series of legislation and other initiatives in relation to sustainable finance and environmental, social and corporate governance (ESG) factors have also been published at EU level.
ESG has evolved and moved from the sidelines to the forefront of decision-making for an increasing number of credit institutions and investors when making investment decisions in the financial sector, which leads to increased longer-term investments into sustainable economic activities and projects.
In the banking sector, the main regulatory and legislative initiatives are the following at EU and local level.
EU Level
After setting sustainable development as a key pillar of its strategy, the EU is aiming to become the first climate-neutral continent. It is already developing a strategy to achieve this goal, while aligning its funding framework with the global SDGs. The EU has developed a targeted framework of actions to finance sustainable growth (EU Action Plan on Financing Sustainable Growth) structured around three main pillars (with ten sub-actions), namely: reorienting capital flows towards a more sustainable economy; mainstreaming sustainability into risk management; and fostering transparency and “long-termism”.
In the framework of the European Green Deal, the EU urges businesses, and public authorities to orient themselves towards economic activities that have a lasting positive impact on the environment and that are either environmentally sustainable or contribute to the transformation of activities to become environmentally sustainable. In this respect, companies (including credit institutions) are already subject to extensive non-financial disclosure requirements and need (or will need) to comply with additional disclosure and organisational requirements in light of Regulation (EU) 2020/852 (“Taxonomy Regulation”) and include in their non-financial disclosures information on how and to what extent their activities are associated with economic activities that qualify as environmentally sustainable. The Taxonomy Regulation has been supplemented, inter alia, by Delegated Regulation (EU) 2021/2139, which established, inter alia, the technical screening criteria for determining the conditions under which an economic activity qualifies as contributing to climate change mitigation. In addition, Regulation (EU) 2019/2088, as amended by the Taxonomy Regulation (“Sustainable Finance Disclosures Regulation”), Regulation (EU) 2019/2089 on sustainability benchmarks, Regulation (EU) 2023/2631 on European Green Bonds (EUGBS) (expected to become applicable on 21 December 2024), Directive (EU) 2022/2464 on corporate sustainability reporting (CSRD), and the recently adopted Directive (EU) 2024/1760 on corporate sustainability due diligence (CSDDD), should be taken into account in the ESG framework. EU credit institutions must disclose information on ESG issues in accordance with the aforementioned legislation (including the EBA technical standards).
The EU launched numerous initiatives for financing the green and sustainable economy and for support of the EU goal to be carbon neutral by 2050, eg, EIB group climate credit institution roadmap 2021–2025 and EBRD’s Green Economy transition approach.
Credit institutions, like other financial sector participants, are therefore required to adjust their business models and develop plans to align their balance sheets with this transition to the sustainable economy, as well as to monitor and comply with the ESG legislative developments.
As of 2024, credit institutions have to disclose their green asset ratio as an indication of their degree of alignment with the EU Taxonomy. Regular climate stress tests are expected to take place on the basis of guidelines on institutions’ ESG risks stress testing. In January 2024, the ECB announced plans to enhance its climate initiatives during 2024 and 2025. Under its 2024-2025 climate and nature plan, the ECB will concentrate on addressing nature-related risks, implementing a greener monetary policy, and assessing the implications and challenges associated with transitioning to a green economy, which includes evaluating investment requirements and transition costs. This strategic focus aims to strengthen the ECB’s role in promoting sustainability within the financial system.
As mentioned in 11. Horizon Scanning, one of the most significant legislative initiatives is the EU banking package implementing the Basel III framework, which will, among other things, ensure the EU’s transition to climate neutrality. In June 2023, the EU also published the proposal for a regulation on the transparency and integrity of ESG rating activities.
National Level
In general, Greece follows the path adopted by the EU, since the majority of EU provisions are adopted in the form of regulations which are directly applicable throughout the EU. In the same way, in 2021, the BoG established the Climate Change and Sustainability Centre (CCSC) to build on the work initiated by the previous Climate Change Impacts Study Committee (CCISC). The focus of the BoG is turning towards the compliance of credit institutions with the ESG principles and requirements, taking into account the reports and guidelines of EU regulators. The implementation of relevant directives, such as the Corporate Sustainability Reporting Directive, is expected to happen soon in Greece.
In investment services, the Bank of Greece Executive Committee Act 234/3/23.9.2024 updates the national legal provisions transposed by Commission Delegated Directive (EU) 2017/593 on the safeguarding of financial instruments and funds belonging to clients, product governance obligations and the rules applicable to the provision or reception of fees, commissions or any monetary or non-monetary benefits, as amended by Commission Delegated Directive (EU) 2021/1269 with respect to the integration of sustainability factors into product governance obligations.
In addition, Greece’s first climate law (Law 4936/2022) was enacted in May 2022 by the Hellenic parliament, with the aim of establishing a coherent framework for improving climate resilience in Greece. Under the new law, a long list of undertakings, including credit institutions, is bound by carbon reporting obligations. The reports will be uploaded to a publicly accessible electronic database operated by the Organisation of Natural Environment and Climate Change (with 2022 as a reference year).
In December 2022, Regulation (EU) 2022/2554 (Digital Operational Resilience Act, DORA) was adopted. DORA will apply from 17 January 2025, but credit institutions and other financial institutions falling within the scope of its application must be prepared in advance.
Through the creation of a unified regulatory framework, DORA aims to boost credit and other institutions’ resilience against cyber threats through the implementation of stringent cybersecurity measures, regular risk assessments, the reporting of cyber incidents to the relevant authorities, and by addressing operational failures and IT disruptions. The key pillars of DORA that should be observed by credit institutions include the following:
In summary, DORA represents a significant shift in how financial institutions and credit institutions will manage their digital operations and risks in an increasingly tech-driven environment. It aims to ensure that institutions are better prepared to handle disruptions and cyber threats, while holding them more accountable for their ICT systems’ resilience and third-party dependencies. Therefore, credit institutions need to implement the appropriate policies, procedures and measures to ensure compliance with the new requirements.
EU Regulations
The EU banking package
One of the most significant legislative initiatives at EU level is the recently adopted EU banking package implementing the Basel III framework, and, more specifically, CRR III and CRD VI adopted by the European Parliament in May 2024 to fully apply the Basel III standards. The new provisions aim to ensure that EU credit institutions become more resilient to potential future economic shocks, while also contributing to the EU’s recovery from the COVID-19 pandemic and the transition to climate neutrality. There are also provisions going beyond Basel III, such as credit institutions’ obligations to identify, disclose and manage ESG risks at individual level, the harmonised framework in relation to fit and proper assessment of key function holders, and a new common framework in relation to third-country institutions’ branches due to their material footprint in the EU.
It is important to note that third-country undertakings wishing to offer “core banking services” in an EU member state will need to assess their model of operation and seek legal advice in order to evaluate whether they will trigger a third-country branch authorisation requirement under CRD VI. CRD VI must be transposed into national law by EU member states by 10 January 2026, and it will be generally applicable from 11 January 2026. However, the provisions on third-country branches will be applicable one year later, on 11 January 2027.
Proposals on payment services and credit transfers
A proposal for the Payment Services and Electronic Money Services Directive (PSD3), Payment Services Regulation (PSR) and Regulation on a Framework for Financial Data Access (FIDA) was issued on 28 June 2023. The package aims, inter alia, to contribute to further harmonisation and the consistent application of legal requirements, avoiding regulatory arbitrage and ensuring a level playing field between the different types of payment-service providers.
In March 2024, Regulation (EU) 2024/886 amending, inter alia, Regulations (EU) 260/2012 and (EU) 2021/1230 as regards instant credit transfers in euros was adopted in order to force credit institutions to offer instant payments in euros at no extra cost and enable the speedy transfer of money at any time (24/7).
AML/CFT rules
On 19 June 2024, the EU introduced new legislation to strengthen its AML/CFT framework through an ambitious legislative package comprising Regulation (EU) 2024/1620 (“AMLA Regulation”), Regulation (EU) 2024/1624 (“AML Regulation”) and Directive (EU) 2024/1640 (“6th AML Directive”), with the aim to harmonise AML/CFT rules across EU member states, enhance supervision and enforcement, and increase transparency in financial transactions. In summary, a new EU authority dedicated to AML/CFT (AMLA) was established, anti-money laundering rules were for the first time thoroughly harmonised throughout the EU, new obliged entities and stricter due diligence measures were introduced, and clearer rules were set on how financial intelligence units (FIUs) and supervisors work together. The majority of the new AML measures will apply as of 10 July 2027.
Consumer credit
In October 2023, Directive (EU) 2023/2225 (Consumer Credit Directive 2) was published to reform the existing consumer credit regime which applies to credit institutions and other financial institutions providing consumer loans. EU member states must transpose Consumer Credit Directive 2 into their national law by 20 November 2025, with the new measures taking effect from 20 November 2026. Creditors (and especially Buy-Now-Pay-Later (BNPL) providers), as well as credit intermediaries that did not previously fall within the scope of the consumer credit regime under Directive (EU) 2008/48, will have to re-assess their model, since Consumer Credit Directive 2 provides for a broader scope of application and types of credit previously exempted (such as BNPL) will be brought into the scope of the new regime.
National Laws
At national level, the most significant changes that took place in 2024 were as follows.
280 Kifissias Avenue
152 32 Halandri
Athens
Greece
+30 210 6967 000
info@zeya.com www.zeya.comBanking Market Trends in Greece
Over the past year, the Greek banking and finance sector has been very actively engaged in the funding of domestic businesses and projects as well as direct foreign investments in the country. This follows the full re-privatisation of the Greek banking system starting from late 2023, when the Hellenic Financial Stability Fund (the HFSF), the state-controlled Greek bailout fund (established in 2010 to safeguard the stabilisation and, ultimately, the recapitalisation of the Greek banking system through the crisis years) sold its shareholdings in Eurobank, Alpha Bank and 22% of its shareholding in National Bank of Greece, followed by the disposal of its 27% stake in Piraeus Bank in 2024 and then a further 10% in National Bank of Greece. The active financing of the Greek economy by banks in 2024 was also partly due to the fact that Greek businesses and projects were able to benefit from facility agreements that combined commercial tranches paid out by the banks themselves with tranches they could also disburse, being the main lenders to the Greek State, using cheaper capital made available to the State via Greece’s National Recovery and Resilience Plan (“Greece 2.0”’), approved by the Council and fully backed by the EU Recovery and Resilience Facility established by EU Regulation 2021/241.
Non-performing loans and credits (NPLs) have dominated the Greek banking system for the last few years. However, following the massive deleveraging of Greek banks’ NPLs up to the end of 2023, there has been a gradual shift to the secondary NPL market and re-performing loans. Notwithstanding this development, in mid-December 2023, the Hellenic Asset Protection Scheme (HAPS), or “Hercules Scheme”, was extended for a further 12 months to the end of 2024 to facilitate a few additional securitisations originated from Greek systemic and non-systemic banks to further reduce their NPLs. An important milestone in 2024 on the NPL front was the signing by PQH – the special liquidator for all credit and financial institutions under special liquidation in Greece – of sale and purchase agreements for three separate NPL portfolios (secured, unsecured and mixed) with an aggregate total book value of EUR4.8 billion entered into with private investors and comprising entities managed or advised by Fortress Investment Group (UK) Ltd., Bain Capital Credit LP and Bracebridge Capital, LLC.
Finally, the Greek banking system is currently adapting itself to the challenges posed by the current trends of digital transformation, cybersecurity and risk management, following the recent enactment of relevant legislative tools at both EU and domestic level. The digitalisation of Greek banks is accelerating, driven by evolving customer expectations, technological advancements, and the need for increased operational efficiency. Traditional banks in Greece are increasingly investing in digital services, such as mobile banking apps, digital wallets, and online lending platforms in order to enhance customer convenience and competitiveness. The Greek banking sector’s push toward digital transformation is part of a broader European trend toward modernised financial services, streamlined through digital tools, automation, and AI-driven solutions. Together with a fintech company, one of the Greek systemic banks has recently launched a fully digital bank which operates without physical branches and provides a seamless, entirely online banking experience. This is not the only “neobank” in Greece, exemplifying the shift toward agile, tech-driven financial services. The digital-first banks are reshaping the Greek banking landscape, setting new standards for efficiency and accessibility, and aligning with the digital preferences of younger, tech-savvy customers in Greece.
Against this backdrop, the local market saw the merger of Attica Bank into Pancreta Bank in early September 2024, creating the fifth-largest lender in Greece in terms of estimated balance-sheet assets – a transaction that followed the absorption of HSBC Greece’s operations by Pancreta Bank earlier in July 2023.
Legislative Developments
RRF loans
Pursuant to Greece’s National Recovery and Resilience Plan (“Greece 2.0”) and the implementation of Greek ministerial decisions, the projects and investment plans of companies/investors that fall within one of the following thematic pillars are eligible to be financed through the Greek banking system by a combination of commercial loan facilities and RRF facilities.
Each of the Greek banks have signed so-called “operational agreements” with the Greek government – ie, agreements through which the Greek State on-lends monies to the commercial banks (stemming from the EU Recovery and Resilience Fund (approved by the EU council post-Covid crisis) for these banks use to fund eligible investment projects. The operational agreements contain the minimum set of obligations and protections that the Greek commercial banks will have to fulfil (as primary lenders) for the relevant borrowers as part of the facility agreements entered into to safeguard the due repayment of the RRF funds made available.
Pursuant to the operational agreements and the relevant ministerial decisions, an eligible investment project can be financed for up to a maximum of 50% of its eligible investment budget by virtue of these RRF loans, while equity funds and commercial loan facilities made available from Greek banks should cover at least 20% and 30% of the eligible investment budget, respectively. The commercial loan facilities that finance part of the eligible investment costs are referred to as “co-financing facilities”. To the extent that certain costs are not eligible from an RRF perspective, these can be financed by additional and separate facilities made available by Greek banks and referred to as “non-eligible facilities”.
The law provides that RRF facilities and co-financing facilities must, at all times, rank pari passu in terms of both repayment profile and in terms of the security package collateralising their payment profile. In principle, this rule does not affect non-eligible facilities, which must, however, be clearly segregated from the RRF and co-financing facilities, even if they are all part of the same facility agreement with the respective borrower.
In terms of interest rates, the RRF facilities can benefit from very low rates determined by virtue of ministerial decisions which set minimum interest rates (currently 0.35% for small and very small enterprises and 1% for any other enterprises). Note that that minimum interest rates will, in principle, constitute state aid for relevant borrowers, and so their compliance as such with maximum acceptable limits for state aid should be tested (this is particularly important in cases where eligible investments have also been also subsidised by the Greek state under other applicable investment schemes). In cases where the minimum RRF interest rates cannot be used on these grounds, the interest rate for RRF loans may be calculated on the basis of the sum of a margin ranging from 60-1,000 basis points (depending on the credit rating of the investor and the value of the security package of the relevant investment) and Greece’s base interest and discount rate as applicable from time to time in accordance with relevant announcements by the EU Commission.
RRF loans were extensively used in 2024 (or 2023?) to finance green transition projects, including renewable energy, digital transformation (with the construction of new fibre optic networks) and extroversion (tourism industry investment plans) projects.
The full drawdown of RRF funds being available to finance investment projects in Greece must be concluded no later than 26 August 2026.
New legislative framework for pledge rights
Law 5123/2024 was published on 19 July 2024 amending (and purporting to codify) the current legislative framework regarding the creation of pledge rights in Greece. The primary aim of the new legislative initiative is to address ongoing issues relating to the establishment and enforcement of pledge rights through the development of a unified and modern legal framework which harmonises the rules governing different types of pledges, namely the notional pledge (ie, pledge over movable property without delivery of the encumbered items to the pledgee), pledge on registered instruments, claims, and rights. To this end, certain provisions of the current framework, including, amongst others, provisions of the Greek Civil Code, Legislative Decree 17.7/13.08.1923 and Law 2844/2000 regarding notional pledge are repealed.
The new law introduces for the first time the Single Electronic Register of Pledges (“the Register”), which will be maintained and operated by the Hellenic Cadastre, serving as a central register for pledge rights. All pledge agreements will be registered digitally with the Register, essentially enhancing transaction security and transparency.
According to the law’s provisions, the operation of the Register will commence upon the earlier of either the date of issuance of a relevant decision by the Hellenic Cadastre or 31 December 2024. However, such long stop date may be further extended pursuant to a ministerial decision. At the moment of publication of this piece (December 2024), the relevant decision has not been issued and the Register is not yet operative, so the substantive part of the new law has not yet officially come into force and the old pledges’ regime still applies.
Notably, the new law directly provides that, apart from the pledge rights, the registrations of true sale securitisations transactions, securitisations’ servicing agreements (each as required under Article 10 of Law 3156/2003), as well as NPLs’ outright sales and servicing agreements (as required by Law 5072/2023) must be also registered with the Register following the coming into force of the law.
All pledges that have been entered into and established prior to the entry into force of the new law shall be regulated by the provisions applying thereto at the time of their creation and establishment without any need for the parties to cater for the registration of such preexisting pledges to the Register.
Extension of Hellenic Asset Protection Scheme – “Hercules III”
The Hellenic Asset Protection Scheme originally came into force in December 2019 under Greek Law 4649/2019 as a state-guarantee scheme for the senior notes of NPLs securitisations given a minimum credit rating by an independent rating agency and of which the mezzanine and junior notes are sold to third-party private investors to achieve accounting derecognition for the originating credit institution. The Greek state guarantee for the senior notes of such transactions has been cleared by the EU Commission in terms of state aid, as the guarantee pricing (ie, the fee payable to the Greek State as guarantor) was based on a formula taking into account the government’s credit default swap prices.
The original HAPS program (HAPS I) was introduced for a maximum guarantee amount of up to EUR12 billion for a period of 18 months from the time of its introduction. In April 2021, HAPS was further extended (HAPS II) by a further 19 months to October 2022 with a renewed maximum guarantee of up to EUR12 billion.
More recently, at the end of 2023, the HAPS guarantee scheme was reintroduced by virtue of Greek Law 5072/2023, amending Greek Law 4649/2019 (the original HAPS statutory instrument), with an overall maximum amount available for guarantees set at EUR2 billion and applications from originating credit institutions (wishing to benefit from the guarantee in relation to the senior notes held by them in the relevant NPL securitisations) being accepted until 31 December 2024. The reintroduced framework required a higher credit rating for the senior notes of the relevant securitisations (BB (high) or equivalent, as opposed to BB (low) or equivalent under the previous regime) and was purported to further reduce Greek banks’ stock of NPLs, also enabling non-systemic banks such as Attica Bank and Pancreta to launch their own NPL securitisations under the revised HAPS III framework. In fact, at the moment of writing this piece, Attica Bank (having absorbed Pancreta) has applied for the HAPS III Guarantee in relation to two NPLs securitisations. In addition, the Ministry of Finance has submitted an application to DG Comp for the further extension of HAPS III in terms of the maximum available guarantees amount from EUR2 billion to EUR3 billion but also its time extension from 31 December 2024 to June 2025.
It is worth mentioning that under the HAPS I and II schemes, the Greek state guarantees provided in favour of the senior notes of NPLs securitisations held by the originating banks amounted to EUR18.7 billion.
Revamped framework for outright sales and servicing of loans and credits
In late 2023, Greece introduced Law 5072/2023 on the sale and servicing of loan receivables. This was followed by decision No 225 of 30 January 2024 of the Bank of Greece on the terms and conditions for granting a licence, as well as a re-license, for new and existing servicing companies, respectively, under the law. The new law was transposed in Greece into Directive (EU) 2021/2167 on credit servicers and credit purchasers which harmonises the rules applicable to the sale, purchase and servicing of non-performing loans originated by EU banks. The Directive’s overarching objective was to support the development of a secondary market for non-performing loans in the EU while ensuring that the sale of loans does not undermine borrowers’ rights.
Even before the introduction of Law 5072/2023, the outright sale and servicing of loans in Greece was not an unregulated activity, but was governed by Greek Law 4354/2015, pursuant to which the Bank of Greece had authorised 23 servicers.
The new law repealed Law 4354/2015 altogether and set up a unified framework to apply for credit purchasers and credit servicers alike. The new provisions apply both to the sale and servicing of performing and non-performing loans granted by EU credit or financial institutions.
According to Law 5072/2023, only special purpose sociétés anonymes licensed and supervised by the Bank of Greece may act as servicers of bank/financial institutions loans and credits. Servicers licensed and supervised by competent authorities in other EU member states pursuant to the provisions of Directive (EU) 2021/2167 may, subject to a prior notification sent to the Bank of Greece by the competent authorities of such EU member states, service exclusively non-performing loans and credits in Greece, either on a cross-border basis or through the right of establishment (eg, a branch). Similarly, Greek licensed servicers may offer their services to other EU member states either on a cross-border basis or through their right of establishment in the EU member states, subject to notifying the Bank of Greece in advance and to the limitations and conditions imposed in the member states by virtue of their laws implementing Directive (EU) 2021/2167.
Credit purchasers and supervised entities are not required to be regulated. They can be any individual or legal entity having as its business objective the acquisition of loans and credits, provided that, if their residence or registered seat is not in the EU, they appoint a representative in the EU in writing. These credit purchasers (or their representatives in the EU, if applicable) are required to enter into servicing agreements with the aforementioned licensed servicers for the management and servicing of the loans and credits that they have acquired.
The new law provides for the minimum statutory content of the servicing agreements, which must comprise at least the following:
The servicing agreements between servicers and credit purchasers must be registered with the public registry in which the loan sale agreements are also registered, as required by the law.
Under the new framework, credit institutions established in Greece, as well as leasing companies, factoring companies, credit companies and financing institutions, must provide for credit purchasers all necessary information on the receivables and their collateral prior to the sale to the credit purchasers of the loan receivables so that they can assess their credit risk on an informed basis. The form of this information is further specified by Commission Implementing Regulation (EU) 2023/2083.
Finally, all servicers and credit purchasers must to provide borrowers with information on the sale of their loans, the contact details of the credit purchaser and details on the loan status (outstanding principal, interest and interest rate) on a regular and ad hoc basis. To this end, servicers were required to develop and have since developed an e-platform with loan data to which borrowers must have direct access.
DORA
Regulation (EU) 2022/2554 (Digital Operational Resilience Act, DORA) will apply from 17 January 2025, but credit and other financial institutions falling within the scope of its application have started their preparations already.
Through the creation of a unified regulatory framework, DORA aims to boost credit and other institutions’ resilience against cyber threats through the implementation of stringent cybersecurity measures, regular risk assessments, the reporting of cyber incidents to the relevant authorities, and by addressing operational failures and IT disruptions. The key pillars of DORA that should be observed by credit institutions include the following:
DLT
Greek Law 5113/2024, also known as the Distributed Ledger Technology (DLT) Securities Law, has supplemented Regulation (EU) 2022/858 (DLT Pilot Regulation). It amends, among other things, the definition of financial instruments in Law 4514/2018 (transposing MiFID II in Greece) to include instruments issued by means of DLT and clarifies that all laws and regulations applicable to transferable securities will equally apply to DLT transferable securities. The new law aligns Greek corporate and securities regulations with the evolving digital landscape, emphasising technological neutrality while boosting operational efficiency.
280 Kifissias Ave
152 32 Halandri
Athens
Greece
+30 210 6967 000
info@zeya.com zeya.com