Banking Regulation 2024 Comparisons

The principal laws and regulations governing the Greek banking sector are the following.

• Law 4261/2014 (Law 4261), implementing in Greece Directive 2013/36/EU (“CRD IV”), and Regulation (EU) 575/2013 (“CRR”), as amended, among others, by Regulation (EU) 2019/876 (“CRR 2”). Law 4261 has been amended, among others, by Law 4799/2021, which transposed Directive 2019/878/EU (“CRD V”) into Greek law. Law 4261 sets out, inter alia, the provisions as regards:
1. the establishment, authorisation and operation of credit institutions;
2. the EU passport procedure and the licensing requirements in relation to third-country credit institutions providing services in Greece;
3. the prudential supervision rules applicable to credit institutions established in Greece;
4. the powers of supervisory authorities and the administrative penalties they may impose on credit institutions;
5. the corporate governance of credit institutions; and
6. the introduction of certain capital buffers to be maintained by credit institutions (in addition to the requirements of CRR).
• Law 4335/2015, as amended (Law 4335), implementing in Greece Directive 2014/59/EU (“BRRD”) on the recovery and resolution of credit institutions and investment firms. Law 4335 has been amended by law 4799/2021, which transposed, among others, Directive 2019/879/EU (“BRRD II”) into Greek law.
• Law 4557/2018, as amended by Law 4734/2020 and Law 4816/2021 (the “AML Law”) setting out the anti-money laundering and countering the financing of terrorism (AML/CFT) framework. The AML Law implements Directives 2015/849/EU (“4th AML Directive”), 2018/843/EU (“5th AML Directive”) and 2018/1673/EU in Greece.
• Law 4370/2016, as amended, transposed into Greek law, among others, Directive 2014/49/EU (the “Directive on Deposit Guarantee Schemes”).
• Law 2251/1994 on consumer protection, as amended and codified by Ministerial Decision 5338/2018, which is currently in force (the “Consumer Protection Law”).

Depending on the type of services offered to clients, credit institutions should also comply with other laws of the financial sector, including:

• Regulation (EU) 600/2014 (the “MiFIR”) and Law 4514/2018, as amended, transposing Directive 2014/65/EU (“MiFID II”) in Greece as regards the provision of investment services; and
• Law 4537/2018 transposing Directive 2015/2366/EU (“PSD2”) in Greece as regards the provision of payment services.

In addition to the laws of the banking sector, Greek credit institutions should also comply with other laws, including Law 4548/2018 on sociétés anonymes, Law 4706/2020 on corporate governance of listed entities, as applicable, as well as Regulation (EU) 2016/679 (“General Data Protection Regulation”) and Law 3471/2006.

The above laws are supplemented by acts issued by the Bank of Greece (BoG), including the BoG Governor’s Act 2501/2002, as amended and currently in force, on the information that credit institutions must provide to their customers, the BoG Governor’s Act 2577/2006 on the organisational requirements and internal control functions of credit and financial institutions, the BoG Act 392/31.05.2021 on the revision of the Code of Conduct under Greek Law 4224/2013, and the BoG Executive Committee Act 178/2020 as regards the outsourcing of activities as well as guidelines issued by the European Central Bank (ECB), the European Banking Authority (EBA) and other EU authorities.

The BoG is the national competent authority supervising the banking sector and exercising prudential supervision over Greek credit institutions. However, within the Single Supervisory Mechanism (SSM), the ECB directly supervises the following significant credit institutions authorised in Greece:

• Alpha Bank SA;
• Eurobank SA;
• National Bank of Greece SA; and
• Piraeus Bank SA.

Less significant credit institutions are supervised directly by the BoG, which is the competent authority for overseeing entities of the financial sector, including payment institutions, credit companies and credit servicing firms.

The BoG is also the national resolution authority and, along with the Single Resolution Board (SRB), is established within the Single Resolution Mechanism to exercise the resolution powers. The SRB is competent for the credit institutions supervised directly by the ECB.

In addition, the BoG is also responsible for supervising the compliance of credit institutions with the AML/CFT framework.

The Hellenic Capital Market Commission (HCMC) is the competent authority for monitoring the compliance of credit institutions with Law 4514/2018, with respect to investment services, with the exception of certain areas which remain under the authority of the BoG.

The HCMC is also responsible for monitoring compliance with market abuse legislation, including Regulation (EU) 596/2014 (“MAR”) and Law 4443/2016, which supplements the MAR in Greece.

Banking Licence

Credit institutions established and operating in Greece must be authorised by the ECB, which co-operates closely with the BoG. Τhe authorisation of credit institutions in Greece is one of the “common procedures”, as defined in Regulation (EU) 468/2014 (ECB/2014/17), on which the final decision lies with the ECB.

Greek credit institutions may be established and may operate in Greece as:

• sociétés anonymes (which is the most common legal type);
• pure credit co-operatives under Law 1667/1986;
• European Societies (SE) under Regulation (EU) 2157/2001; or
• European Co-operative Societies under Regulation (EU) 1453/2003.

Greek credit institutions may be licensed to perform all banking activities listed in Annex I of CRD IV (“universal licence”), namely:

• the acceptance of deposits and other repayable funds;
• lending including, inter alia, consumer credit, credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions (including forfeiting);
• financial leasing;
• payment services as defined in Article 4(3) of the PSD2;
• issuing and administering other means of payment (ie, travellers’ cheques and bankers’ drafts) in so far as such activity is not covered by the above point;
• guarantees and commitments;
• trading for own account or for the account of customers in any of the following:
1. money market instruments (cheques, bills, certificates of deposit, etc);
2. foreign exchange;
3. financial futures and options;
4. exchange and interest-rate instruments; and
5. transferable securities;
• participation in securities issues and the provision of services relating to such issues, particularly underwriting;
• advice to undertakings on capital structure, industrial strategy and related questions, and on services relating to mergers and the purchase of undertakings;
• money broking;
• portfolio management or advice;
• safekeeping and administration of securities;
• credit reference services, including customer credit rating;
• safe custody services;
• issuing electronic money; and
• investment services and activities as well as ancillary services provided for in Law 4514/2018.

In addition to the above, the BoG may allow credit institutions to carry out other financial or ancillary activities, provided that the relevant risks are fully hedged.

Natural persons or legal entities that are not licensed credit institutions are prohibited from taking deposits or other repayable funds from the public. Moreover, the provision of credit/financing, in a professional capacity, is a regulated activity in Greece, which is allowed only to duly licensed credit institutions or certain financial institutions (such as Greek authorised credit companies).

EU licensed credit institutions may perform banking activities in Greece, on the basis of the EU passport; ie, through their right to establishment or on a cross-border basis, provided that the EU licensed credit institution notifies the home member state’s authority that will transmit the notification to the BoG.

Authorisation Process

The authorisation of a credit institution in Greece by the ECB/BoG is subject to the requirements set out in Law 4261 as supplemented by the BoG Act 142/11.6.2018, as amended and in force, as well as other BoG acts.

For a legal entity to be licensed as a credit institution, it must have at least the following:

• full paid-up initial capital equal to EUR18 million (in case of credit co-operatives an amount of EUR6 million) as well as payment of any additional funds that may be required in order to ensure that, during the first three years of operation, the own funds of the new credit institution will meet the expected capital requirements and the minimum initial capital on a continuous basis (as of 2022 credit co-operatives must adjust their initial capital to EUR10 million or to EUR18 million depending on the registered seat);
• suitable shareholders who are subject to an assessment by the ECB/BoG;
• at least two persons who effectively direct the business and are subject to “fit and proper” assessment;
• board of directors (BoD) members that are subject to “fit and proper assessment”; and
• participation in the Deposit Guarantee Scheme.

The licensing application must be accompanied, inter alia, by the following:

• A programme of operations setting out the types of business envisaged and the structural organisation of the credit institution, including an indication of the parent undertakings, financial holding companies and mixed financial holding companies within the group. The programme of operation must include a three-year business plan with the scope of work, the timetable for achieving the objectives of the credit institution, the structure of the group to which it belongs and the framework of the internal control functions, including the internal audit, risk management and compliance functions and procedures required for compliance with its organisational obligations.
• “Fit and proper assessment” with respect to the BoD members and the key function holders.
• Information on shareholders with holdings exceeding 1% and questionnaires for assessing the persons/entities holding a qualifying holding.
• The funding sources and forecast balance sheet, income statement and cash flow statement.
• The anticipated course of the capital adequacy ratio during the first three years of operation of the credit institution, indicating the underlying method of risk assessment and measurement, in accordance with the applicable supervisory framework.
• Policies and procedures (including an AML policy, conflict of interest policy, compliance policy, outsourcing policy, IT policies, etc).

Following the BoG’s assessment of the licensing application, the BoG proceeds to the submission of a proposal (ie, a draft decision) to the ECB, which takes the final decision. Otherwise, if the BoG considers that the requirements have not been met, the BoG will reject the licensing request.

Timing and Cost Estimates

According to Law 4261 the BoG/ECB must revert to the applicant with a decision (ie, to grant or refuse the licensing application) within six months from receipt of the application, which may be extended to within 12 months of receipt of the application.

No fees are required to be paid by the applicant for the submission of the application to the BoG. However, applicants should take into account the fees paid to legal counsel and financial/technical advisers, as well as their participation in the deposit guarantee scheme.

Requirement to Notify the BoG

Any natural person or legal entity (or persons acting in concert) that has decided either to acquire, directly or indirectly, a qualifying holding in a credit institution (ie, 10%) or to further increase, directly or indirectly, such a qualifying holding in a credit institution as a result of which the proportion of the voting rights or of the capital held would reach or exceed 20%, 33⅓% or 50% or so that the credit institution would become its subsidiary, must notify the BoG in advance in accordance with the qualifying holding process set out in Law 4261.

Documents required

The proposed acquirer must submit a notification to the BoG accompanied by certain questionnaires and required supporting documents in relation to the persons/entities that will acquire (directly or indirectly) a qualifying holding in the credit institution. In certain cases, a business plan that must contain a minimum set of information should also be submitted by the proposed acquirer.

Assessment by the BoG

The BoG will assess whether the potential acquisition complies with all regulatory conditions and will prepare a draft decision which is submitted to the ECB. The ECB will thereafter decide whether or not to oppose the acquisition on the basis of its assessment of the proposed acquisition and the BoG’s draft decision. In terms of timing, the regulators will assess the proposed acquisition within 60 business days from the date of the written acknowledgement of receipt of a complete file. This can be extended up to 90 business days from the receipt of a complete file.

Other Qualifying Holdings

A person may be deemed to be acquiring a qualifying holding even in circumstances where they acquire less than 10% of the shares and voting rights, since the definition of qualifying holding also includes cases where a proposed acquirer is deemed to exercise a “significant influence” over the management of a credit institution. Under Law 4261, a prior notification to the BoG is also required with respect to the acquisition or increase of a holding that would reach or exceed 5% in the share capital or voting rights of a Greek credit institution. The BoG will, thereafter, conduct an ad hoc assessment and decide, within five business days, whether such acquisition or increase will constitute a significant influence, and if so, it will notify the proposed acquirer and carry out an assessment in light of the qualifying holding process.

Credit institutions are also subject to reporting requirements to the BoG (on becoming aware of any acquisitions or disposals of holdings which cause holdings to exceed or fall below the relevant thresholds, or where a change occurs, or on an annual basis).

The Transparency Directive

Besides the aforementioned qualifying holding approval process, notification requirements under Law 3556/2007, as amended and in force (Law 3556) implementing the Transparency Directive (Directive 2004/109) in Greece, might be also triggered as regards the acquisition of significant shareholdings in entities whose shares are traded on a regulated market (noting that the majority of the significant Greek credit institutions are wholly owned by financial holding companies which are listed on ATHEX). The shareholders should notify the issuer and the HCMC of the percentage of voting rights held by them if they directly or indirectly acquire or dispose of the shares of the issuer carrying voting rights and if, as a result of that acquisition or disposal, the percentage of their voting rights reaches or exceeds or falls below the applicable thresholds (ie, 5%, 10%, 15%, 20%, 25%, 33⅓%, 50% and 66⅔%) or reaches, exceeds or falls below the aforementioned applicable threshold as a result of corporate events changing the breakdown of voting rights or on the basis of information disclosed by an issuer. A notification obligation also lies with any shareholder who holds voting rights exceeding 10%, if such percentage changes by 3% or more, following acquisition or disposal of voting rights or other corporate events altering the breakdown of voting rights. New changes exceeding 3% create a new notification obligation.

The Competition Law

Additional requirements may be also triggered under the competition law.

Credit institutions are subject to corporate governance requirements stemming from Law 4261, which is supplemented by the BoG Governor’s Act 2577/20.3.2006 as amended and in force, which sets out the internal organisation and governance requirements that all Greek credit institutions must comply with. Other BoG acts must also be taken into account for specific requirements (such as outsourcing requirements, information and technology security arrangements, etc). EBA guidelines on internal governance (EBA/GL/2021/05) have not been implemented as such into Greek law, but the BoG has confirmed that it will comply with them.

More specifically, credit institutions must have robust governance arrangements, which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility; effective processes to identify, manage, monitor and report the risks they are or might be exposed to; adequate internal control mechanisms, including sound administration and accounting procedures; and remuneration policies and practices that are consistent with and promote sound and effective risk management. Such arrangements, processes and mechanisms must be proportionate to the nature, scale and complexity of the risks inherent in the business model and the credit institution’s activities.

Greek credit institutions must have the following in place:

• A BoD that has overall responsibility for the credit institution and approves and oversees the implementation of the institution’s strategic objectives, risk strategy and internal governance. At least two of the executive BoD members will effectively direct the business of the institution. The BoD must have at least one non-executive and independent member or, where certain criteria are met, two non-executive and independent members. The chairman of the BoD cannot, at the same time, be the CEO of the credit institution. The BoD must monitor and periodically assess the effectiveness of the credit institution’s governance arrangements and take appropriate steps to address any deficiencies.
• Committees, including an audit committee, a risk management committee, a nomination committee, a remuneration committee and others, depending on certain criteria (including the institution’s total assets).
• Internal audit, risk management and compliance functions.
• An AML/CFT function that must be established in the compliance unit, including an AML/CFT officer.
• A complaints-handling function, an information technology and security officer, chief finance officer, staff providing the services, etc.

Code of Conduct Under Greek Law 4224/2013

Greek credit institutions must also comply with the requirements (including organisation requirements) stemming from the BoG Act 392/31.05.2021 on the revision of the Code of Conduct under Greek Law 4224/2013 when providing credit to customers.

Hellenic Corporate Governance Code

In addition, Greek credit institutions that are listed on the ATHEX must also comply with the corporate governance requirements of Greek law 4706/2020. In June 2021, a new Hellenic Corporate Governance Code (“the Code”) was issued by the Hellenic Corporate Governance Council for listed companies. The Code is voluntary and facilitates the formulation of corporate governance policies and practices, which listed companies must follow depending on the characteristics of each company.

Code of Ethical Conduct

Finally, the BoD must adopt a Code of Ethical Conduct applied by the management and all the staff of the credit institution on the basis of generally accepted principles (diligence, efficiency, responsibility, professional secrecy, etc).

Directors’ and Senior Management Designation

The members of the BoD and senior management are proposed by the nomination committee to the BoD or the shareholders’ general meeting, respectively, on the basis of suitability criteria including their honesty, integrity and independence of mind promoting the diversity of the management bodies. Senior management (including the key function holders) is finally appointed by the BoD, whereas directors are elected by the shareholders’ general meeting.

“Fit and Proper” Assessment

The BoD members and the senior managers of Greek credit institutions must meet specific suitability requirements and are subject to “fit and proper” assessment by the BoG/ECB (as the case may be) to assess that the BoD members and senior managers are of sufficiently good repute and possess sufficient knowledge, skills and experience to perform their duties and act with honesty, integrity and independence of mind.

The BoD must also possess adequate collective knowledge, skills and experience to be able to understand the credit institution’s activities, including the main risks. The overall composition of the BoD will need to reflect an adequately broad range of experience.

The key function holders – namely, the head of internal audit, head of risk management, head of compliance, chief financial officer, internal audit committee’s members and money laundering reporting officer (MLRO) – are also subject to the above criteria and the “fit and proper assessment” by the BoG/ECB (as the case may be).

More specifically, the persons appointed to hold any of the above positions must submit to the BoG, through the credit institution, a completed questionnaire on the “fit and proper” assessment of the BoD members and key function holders.

BoD Roles and Accountability

The BoD defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of the credit institution, including the segregation of duties in the organisation and the prevention of conflicts of interest. Such arrangements are in line with the following principles:

• the BoD has overall responsibility for the credit institution and approves and oversees the implementation of the credit institution’s strategic objectives, risk strategy and internal governance;
• the BoD ensures the integrity of the accounting and financial reporting systems, including financial and operational controls and compliance with the law and relevant standards;
• the BoD oversees the process of disclosure and communications (as may be required by law); and
• the BoD is responsible for providing effective oversight of senior management.

The remuneration requirements applicable to Greek credit institutions are in line with the provisions of CRD IV (as amended), which have been transposed into Law 4261.

According to Law 4261, when establishing and applying the remuneration policies for categories of staff whose professional activities have a material impact on the credit institution’s risk profile, credit institutions should apply the requirements in a manner that is appropriate to their size, internal organisation and the nature, scope and complexity of their activities.

The staff whose professional activities have a material impact are the following:

• all members of the BoD and senior managers;
• staff members with managerial responsibility over the credit institution’s control functions or material business units; and
• staff members entitled to significant remuneration in the preceding financial year, provided that the following conditions are met:
1. the staff member’s annual remuneration is equal to or greater than EUR500,000 and equal to or greater than the average remuneration awarded to the institution’s BoD members and senior managers; and
2. the staff member performs the professional activity within a material business unit and the activity is of a kind that has a significant impact on the relevant business unit’s risk profile.

In addition, credit institutions should conduct a self-assessment each year, in order to identify all staff whose professional activities have or may have a material impact on the credit institution’s risk profile.

The requirements under Law 4261 are supplemented by Greek Law 4548/2018 on sociétés anonymes, the BoG Governor’s Act 2577/2006, as amended, among others, by the BoG Governor’s Act 2650/2012 and the BoG Executive Committee Act 158/2019, implementing in Greece the EBA Guidelines on sound remuneration policies (EBA/GL/2015/22).

Credit institutions must adopt remuneration policies and practices that promote sound and effective risk management and do not encourage risk taking that exceeds the level of tolerated risk of the institution. Their remuneration policies should set out, among other things, the ratio between fixed and variable remuneration, and must be gender neutral. The non-executive BoD members must adopt and periodically review the remuneration policy and are responsible for overseeing its implementation, which must be reviewed at least annually by the credit institution’s internal audit function.

Credit institutions must submit information to the BoG in relation to their remuneration policies, in accordance with the criteria for disclosure established in points g, h, i and k of Article 450(1) of the CRR as well as the information provided by credit institutions on the gender pay gap. The BoG uses that information to benchmark remuneration trends and practices. In addition, the BoG applies a risk-based approach when supervising the remuneration policies of credit institutions and requires credit institutions to take adequate actions in order to remedy any identified deficiencies. Otherwise, the BoG may impose administrative sanctions, such as fines, on credit institutions.

Greek credit institutions are subject to the Greek AML/CFT legislation, which is in line with the EU AML/CFT legislation. More specifically, the main legal basis is the Greek Law 4557/2018 on “prevention and combatting of money laundering and terrorist financing and other provisions”, as amended and in force (“the AML Law”). This implements the following in Greece: Directives 2015/849/EU (4th AML Directive), 2018/843/EU (5th AML Directive) and 2018/1673/EU and Decision No 281/5/17.3.2009 of the BoG’s Banking and Credit Committee specifying the obligations of credit, financial and payment institutions under the AML Law, as amended and in force (“the AML Decision”). The Greek legal framework is supplemented by other BoG acts as well as by laws and guidelines adopted at an EU level (such as EBA Guidelines on ML/TF risk factors and customer due diligence).

More specifically, Greek credit institutions are required to adopt AML policy and procedures in accordance with the Greek AML/CFT legislation. These include model risk management practices, customer due diligence, reporting, employee screening, record-keeping, internal control and compliance management, such as the appointment of an MLRO (and their deputy) on the basis of their integrity, status, academic background, experience in the relevant field and credit institution’s operations.

In addition, Greek credit institutions must carry out customer due diligence (CDD) measures when establishing a business relationship, when carrying out occasional transactions exceeding certain thresholds, when there is a suspicion of money laundering or terrorism financing, as well as when there are doubts about the identification data previously obtained. CDD also involves the ongoing monitoring of the business relationship. In the context of the CDD measures, the verification of the relevant data of natural persons may be carried out either on the basis of original documents issued by reliable and independent authorities, or, with the explicit and special consent of the natural person, through the transmission of such documents via the electronic platform “eGov-KYC” of the Single Digital Portal of Public Administration.

Operation of Scheme

The Hellenic Deposit and Investment Guarantee Fund (HDIGF or, in Greek, TEKE) is the operator of three distinct schemes:

• the deposit guarantee scheme;
• the investment compensation scheme; and
• the resolution scheme of Greek credit institutions.

TEKE is governed by Greek Law 4370/2016, as amended (Law 4370), which transposes into Greek law, among others, the Directive on Deposit Guarantee Schemes (Directive 2014/49/EU). TEKE is supervised by the Ministry of Finance.

According to Law 4370, all Greek credit institutions (including their foreign branches) and Greek branches of credit institutions incorporated outside the EU must become members of the deposit coverage scheme held with TEKE. Such participation automatically activates the participation of credit institutions in the TEKE resolution scheme.

Branches of credit institutions incorporated in another EU member state do not participate in TEKE, as they are covered by the Deposit Guarantee Scheme of the respective member state where their registered office is located (home member state). Participation in the investor compensation scheme, which is another department of TEKE, is also mandatory for Greek credit institutions. However, Greek branches of EU member states’ credit institutions may also request to participate in the investor compensation scheme of TEKE for supplementary coverage.

Covered Deposits

TEKE covers deposits held by natural persons or legal entities, irrespective of the currency (eg, deposits in savings accounts, current accounts and time deposits). However, certain deposits are not eligible and are therefore excluded from the coverage protection, namely:

• deposits made by other credit institutions or investment firms on their own behalf and for their own account;
• credit institutions’ own funds;
• deposits arising out of transactions in connection with which there has been a criminal conviction for money laundering;
• deposits by financial institutions, (re-)insurance undertakings, collective investment undertakings, social security funds and occupational pension funds, public authorities and by TEKE;
• debt securities issued by a credit institution and liabilities arising out of own acceptances and promissory notes; and
• deposits where the holder or beneficiary has never been identified.

The maximum level of coverage is set to EUR100,000 per depositor, per credit institution (irrespective of the number of deposit accounts held in the credit institutions, the currency of such deposits and the location of such deposit accounts) with certain limited exemptions where the compensation may be up to EUR300,000 (eg, for sale or expropriation of private residential property, payment of a lump-sum retirement benefit or periodical pension benefits, compensation due to termination of employment, etc).

Funding of Scheme

An initial contribution must be paid by credit institutions joining the Deposit Compensation Scheme (DCS) of TEKE, within one month from the date on which they become members, which is calculated on the basis of Law 4370 and in any case cannot be higher than 8% of the credit institution’s own funds. New members pay the initial contribution in three annual instalments by crediting the dedicated DCS account with the BoG. Regular contributions are paid by credit institutions on an annual basis. The key factors to be considered for calculating the annual regular contributions are the amount of covered deposits and the degree of risk assumed by each credit institution. Within 20 calendar days from the beginning of every year, each credit institution must transmit to TEKE an annual list with the amount of its covered deposits as at the last day of each calendar quarter of the preceding year. By 30 September every year, credit institutions must also submit to TEKE the data specified by TEKE and refer to the last day of the preceding year, for the purpose of determining the degree of risk assumed by that credit institution. Extraordinary contributions are paid if the available funds of the DCS are not sufficient to compensate depositors. Extraordinary contributions must not exceed 0.5% of the covered deposits of each credit institution per calendar year. Higher contributions may be specified by a decision of TEKE’s BoD, with the consent of the BoG.

General Banking Secrecy Obligation

Greek credit institutions are subject to general banking secrecy obligation pertaining to their banking activities, which means that credit institutions are not allowed to disclose the information falling within the personal and economic sphere of customers, provided that such information is not public, but is known to the bank as result of its relationship with the customers (including any information, data and transactions pertaining to a client’s banking relationship). The general banking secrecy obligation is very broad and covers information made available to the credit institution in the context of any kind of banking services as set out in Law 4261 (such as, deposits, bank loans and other credit facilities, payment operations, guarantees, foreign currency exchange, financial leasing and factoring, credit cards or other means of payment, safe custody services, information relating to the creditworthiness of the clients, etc).

The general banking secrecy obligation may be lifted following the client’s explicit consent or due to a specific legislative provision (such as for the detection by the regulatory, fiscal and judicial authorities of tax, criminal or other offences, but subject to strict conditions for the lifting of the general banking secrecy obligation) and following requests made by regulatory, enforcement and tax authorities.

In case of infringement by a credit institution of the general banking secrecy obligation, such credit institution may incur civil liability (the customer whose information has been disclosed without authorisation may claim damages against the credit institution for any monetary loss sustained as a result of the disclosure, including moral damages) while the employees responsible may also face criminal liability.

Professional Secrecy Obligations

In addition, credit institutions in Greece are bound by strict professional secrecy obligations with respect to clients’ deposits, according to Article 1 of Legislative Decree 1059/1971, as amended and in force (Decree 1059). This obligation is applicable in relation to deposits of any kind (cash and securities), and therefore any information in relation to the deposit cannot be disclosed to third parties.

The provisions of Decree 1059 are strict, constitute mandatory law and may not be waived or restricted even where customers have provided their explicit consent or approval.

Exemptions apply only under special laws or circumstances which are very narrowly construed and assessed. Such professional secrecy requirement is not applicable in the case of:

• creditors who are entitled to request the seizure of the bank account by virtue of a court decision;
• the BoG when exercising its supervisory obligations or implementing the monetary or foreign exchange rules; and
• the tax authorities in relation to debts owed to the public sector.

In addition, the professional secrecy obligations in relation to deposits will be lifted following a justified request or decision of the competent body in the context of criminal proceedings, to the extent that the relevant information is required for the substantiation of the criminal activity. Exemption has also been provided to tackle tax evasion as well as money laundering.

Any breach may result in imprisonment for at least six months, and civil liabilities towards the relevant account holders may be invoked.

Capital Adequacy Requirements

The CRR and CRD IV (transposed into Law 4261) set out the capital adequacy requirements for credit institutions implementing, to some extent, the respective Basel III standards. Law 4799/2021 has transposed CRD V and BRRD II in Greece. As set out in 10. Horizon Scanning, the EU Commission has published the proposal for the adoption of the latest banking package in relation to the capital and prudential regime for credit institutions (CRR3 and CRD VI), in order to be fully aligned with the Basel III framework.

Credit institutions are required to have a minimum paid-up initial capital of EUR18 million. The capital resources that a credit institution is required to maintain may be constituted by a mixture of common equity Tier 1 Capital, Additional Tier 1 Capital and Tier 2 Capital. The CRR contains detailed legal and technical requirements for eligibility of capital instruments. As regards liquidity requirements, the CRD IV and CRR, as amended, provide for quantitative liquidity standards, including the liquidity coverage ratio (LCR) and the net stable funding ratio (NSFR).

In particular, credit institutions must at all times satisfy the following own-funds requirements (which are expressed as a percentage of the credit institutions’ total risk exposure):

• a common equity Tier 1 Capital ratio of 4.5%;
• a Tier 1 Capital ratio of 6%;
• a total capital ratio of 8%; and
• a leverage ratio of 3%.

Buffer Requirements

The CRR 2 also introduced a leverage ratio buffer requirement for institutions identified as global systemically important institutions (G-SIIs), to be applicable as of 1 January 2023. On 16 February 2021, the EU Commission issued a report and concluded that it does not consider it appropriate to introduce a leverage ratio surcharge for other systemically important institutions (O-SIIs) for the time being.

The combined buffer requirement includes the capital conservation buffer, the counter-cyclical capital buffer, the G-SIIs buffer, the O-SIIs buffer and the systemic risk buffer. Α capital conservation buffer of 2.5% of a credit institution’s total exposures should be maintained so that credit institutions are able to avoid breaches of minimum capital requirements during periods of stress. In the context of its macro-prudential supervision, the BoG is responsible for setting the counter-cyclical capital buffer rate for Greece on a quarterly basis.

From 1 January 2016 to the date of writing (December 2023), the BoG has kept the counter-cyclical capital buffer rate for Greece at 0% (ie, at the lowest end of the permissible range), thus not affecting the capital requirements of credit institutions. The O-SII buffer consists of common equity Tier 1 Capital and its rate is set by the BoG at a level of up to 2% of the total risk exposure amount and is reviewed at least once a year. The BoG has defined that the four Greek systemic credit institutions qualify as O-SIIs (and should comply at a solo level, while their parent financial holdings should also comply at a consolidated level) and set the applicable O-SII buffer rates (1% for 2023 and 1–1.25% for 2024). The combined buffer for 2023 was set at 2.5% for less significant credit institutions and at 3.5% for the four systemic credit institutions. The BoG has decided not to activate the systemic risk buffer and the global systemic institutions buffer. The BoG has additional macro-prudential tools to apply towards credit institutions.

Supervisory Review and Evaluation Process

Credit institutions are required to assess the adequacy of their own capital through the Internal Capital Adequacy Assessment Process, which is then subject to review by the regulator in the context of the Supervisory Review and Evaluation Process (SREP) where the results from the stress tests are also assessed. The BoG or the ECB may impose additional capital requirements in the context of the SREP assessment, if such evaluation reveals major deficiencies or in other cases provided by law. In particular, the Pillar Two requirement (P2R), which is determined on the basis of the SREP, is a credit institution-specific capital requirement which applies additionally in order to cover risks that are underestimated or not covered by the minimum capital requirement. The capital the ECB or BoG asks credit institutions to keep based on the SREP also includes the Pillar Two Guidance (P2G), which indicates to credit institutions the adequate level of capital to be maintained to provide a sufficient buffer to withstand stressed situations. Unlike the P2R, the P2G is not legally binding.

Additional Own Funds Requirements

Following the transposition of the CRD V into Greek law, the competent authority may impose additional own funds requirements in accordance with Articles 104a et seq. In addition, credit institutions are obliged to set their internal capital at an adequate level of own funds sufficient to cover all the risks expected to be covered by a credit institution, and to ensure that the credit institution’s own funds can absorb potential losses resulting from stress scenarios, including those identified under the supervisory stress test. Guidance on additional own funds is provided to credit institutions by the competent authorities. The quantitative capital requirements under the CRD IV and CRR are supplemented by the obligation under the BRRD as amended by BRRD II for credit institutions to satisfy at all times a minimum requirement for own funds and eligible liabilities (“MREL”), which is determined by the competent resolution authority on an annual basis (on a credit institution-specific basis). The target for the MREL requirement (as determined under the BRRD II by the resolution authority) is composed of a loss-absorption amount (LAA), which includes the sum of the Pillar One requirement and the Pillar Two requirement as determined by the competent authority, and any requirement in relation to the leverage ratio and a recapitalisation amount (RCA). Greek credit institutions have already taken initiatives to meet the MREL by the end of 2025 (ie, they have issued in recent years Additional Tier 1 capital instruments (AT1) and Tier 2 capital and senior unsecured bonds, which are also an additional source of funding).

Resolving a Failing Credit Institution – Resolution Measures

Greek Law 4335/2015, as amended (Law 4335), incorporated the provisions of Directive 2014/59/EU (BRRD) into Greek legislation and set out the legal framework for the recovery and resolution of credit institutions. This was amended, in 2021, by Law 4799/2021, transposing the BRRD II into Greek law. The BRRD (as amended by BRRD II) is, in general, in line with the FSB Key Attributes of Effective Resolution regime, which is a soft law.

In the case of a credit institution failure, the provisions of Law 4335 are applicable. More specifically, the credit institution’s BoD, which considers the credit institution to be failing or likely to fail on the basis of certain objective criteria, must notify, without undue delay, the BoG in accordance with Law 4335 and the Bank of Greece Act No 111/2017.

At an earlier stage in the deterioration of a credit institution’s financial conditions, the resolution authorities may adopt one of the early intervention measures provided in Law 4335 (eg, to require the BoD of the credit institution to implement one or more of the arrangements or measures set out in the recovery plan or to require one or more members of the management body to be removed or replaced). The BoG has already endorsed the EBA guidelines on recovery plan indicators (BoG 22/1/2.11.2023). In addition, the competent resolution authority may take a resolution action where all the following conditions are met, regardless of whether an early intervention measure has been adopted:

• the credit institution is failing or likely to fail;
• there is no reasonable prospect that any alternative private sector measures or supervisory action would prevent the failure of such credit institution within a reasonable timeframe; and
• a resolution action is necessary in the public interest.

In particular, the resolution authorities may use one or more of the following resolution tools:

• the power to transfer to a purchaser shares or other instruments of ownership issued by (or all of any assets, rights or liabilities of) the credit institution under resolution (the “sale of business” tool);
• the power to transfer to a bridge institution, which shall be a legal person that is wholly or partially owned by one or more public authorities and controlled by the resolution authority, shares or other instruments of ownership issued by (or all of any assets, rights or liabilities of) the credit institution under resolution (the “bridge institution” tool);
• the power to transfer the assets, rights or liabilities of the credit institution under resolution or of a bridge institution to one or more asset management vehicles (the “asset separation” tool); or
• the write-down and conversion powers in relation to the liabilities of a credit institution under resolution (“bail-in” tool).

Other measures can be used to the extent that they conform to the principles and objectives of the resolution set out under the BRRD. In circumstances of extraordinary systemic crisis, the credit institution’s resolution may, as a last resort, involve government financial stabilisation tools consisting of public equity support and temporary public ownership tools. These measures would nonetheless only become available if certain conditions are met, including that the credit institution’s shareholders and creditors bear losses equivalent to 8% of the credit institution’s liabilities.

A special commissioner may be appointed by the resolution authorities to replace the BoD of the credit institution under resolution.

Principles – Protection of Depositors

When applying the resolution tools and exercising the resolution powers, the resolution authorities should take into account certain principles provided under the BRRD, including that:

• the shareholders of the credit institution under resolution bear first losses;
• the creditors of the credit institution under resolution bear losses after the shareholders in accordance with the order of priority of their claims under normal insolvency proceedings, save as expressly provided otherwise in Law 4335;
• the creditors of the same class are treated in an equitable manner (unless otherwise provided);
• no creditor shall incur greater losses than would have been incurred if the credit institution had been wound up under normal insolvency proceedings; and
• the covered deposits are fully protected.

In any case, the eligible deposits held with the credit institutions will be protected up to EUR100,000 (covered deposits) and are therefore excluded from the scope of application of the bail-in tool.

If the credit institution’s authorisation is revoked, the credit institution will be mandatorily placed under a special liquidation in accordance with Law 4261. The provisions of the Greek Bankruptcy Code (Law 4738/2020, as amended) may apply additionally to the provisions of the special liquidation of a credit institution, to the extent that they do not contradict Article 145 et seq of Law 4261 or any delegated BoG acts. Article 145a of Law 4261 provides the hierarchy of claims in the special liquidation of credit institutions. Law 3458/2006, as amended, incorporates Directive 2001/24/EC in Greece and provides for the special liquidation procedure applicable to credit institutions.

EU Regulations

The EU banking package

One of the most significant legislative initiatives at an EU level is the EU banking package implementing the Basel III framework (which has not yet been fully implemented in the EU). The EU Commission published a proposal for a regulation amending the CRR as regards requirements for credit risk, credit valuation adjustment (CVA) risk, operational risk, market risk and the output floor, and for a directive amending the CRD IV as regards supervisory powers, sanctions, third-country branches, and environmental, social and governance (ESG) risks. The new provisions aim to ensure that EU credit institutions become more resilient to potential future economic shocks, while contributing to the EU’s recovery from the COVID-19 pandemic and the transition to climate neutrality. Apart from the provisions of the banking package implementing Basel III, there are also provisions going beyond Basel III (such as credit institutions’ obligation to identify, disclose and manage ESG risks at an individual level, the harmonised framework in relation to fit and proper assessment of key function holders, as well as a new common framework in relation to third-country institutions’ branches due to their material footprint in the EU).

Proposals on payment services and credit transfers

In the context of payment services, a proposal for the Payment Services and Electronic Money Services Directive (PSD3), Payment Services Regulation (PSR) and Regulation on a Framework for Financial Data Access (FIDA) was issued on 28 June 2023. The above package aims, inter alia, to contribute to further harmonisation and consistent application of the legal requirements, avoiding regulatory arbitrage and ensuring a level playing field between the different types of payment service providers. The EU Commission unveiled, at the end of October 2022, a proposal for a regulation amending Regulations (EU) No 260/2012 and (EU) 2021/1230 as regards instant credit transfers in euros, in order to force credit institutions to offer instant payments in euros at no extra cost and enable the speedy transfer of money at any time (24/7).

AML/CFT rules

In addition, in July 2021, the EU Commission presented a package of legislative proposals to strengthen the EU’s AML/CFT rules which is now very close to the final stage. The AML/CFT package includes, among other things, a proposal for the creation of a new EU authority (“AMLA”) that will transform AML/CFT supervision in the EU and enhance co-operation among financial intelligence units (FIUs). It will be the central authority co-ordinating national authorities to ensure the private sector correctly and consistently applies EU rules. In addition, the 6th AML/CFT Directive will replace the existing 4th AML/CFT Directive (Directive (EU) 2015/849) as amended and will include provisions that will be transposed into national law, such as rules on national supervisors and FIUs in member states. It is noted that the AML/CFT package includes a proposal for a regulation on AML/CFT, which will be directly applicable throughout EU member states, and will include provisions on customer due diligence in order to achieve harmonisation throughout the EU.

National Regulations

At a national level, a new law was recently enacted (Greek law 5072/2023, official government gazette 198 A 4.12.2023), which provides, among other things, for the transposition into Greek law of Directive (EU) 2021/2167 on credit servicers and credit purchasers, as well as measures for the protection of vulnerable borrowers, the establishment of a Private Debt Monitoring Register, amendments in Law 4335/2015 (implementing the BRRD in Greece) and the Greek Bankruptcy Code, as well as other provisions.

The above law expands the type of entities that are allowed to grant credit, which is a regulated activity under Greek law, but again only for specific purposes. More specifically, under the above law, credit companies (which are currently authorised by the BoG to grant credit only to natural persons to cover their consumer and personal needs) and credit servicing companies (which are currently authorised by the BoG to service loans and credit claims and may also be entitled to provide loan refinancing services but only for loans that they service) will be entitled to grant loans (of any type) to natural persons and legal entities, but only for the purposes of refinancing or restructuring existing loans provided to the borrower by any credit or financial institution.

The shift towards a greener and more sustainable economy has become a key priority at a global and EU level. Following the publication of the 2030 Agenda for Sustainable Development by the UN General Assembly (in 2015), setting out the core sustainable development goals (SDGs), the EU Commission took these SDGs into account in the next steps towards a sustainable EU future, and presented the European Green Deal in 2019, part of which is a European green investment plan that aims to establish a framework to facilitate the public and private investments needed for the transition to a climate-neutral, green, competitive and inclusive economy. A series of legislation and other initiatives in relation to sustainable finance and environmental, social and corporate governance (ESG) factors have also been published at an EU level. ESG has evolved and moved from the sidelines to the forefront of decision-making for an increasing number of credit institutions and investors when making investment decisions in the financial sector, which leads to increased longer-term investments into sustainable economic activities and projects.

In the banking sector, the main regulatory and legislative initiatives are the following.

International Level

The most important initiatives for the banking system include, among others, the United Nations Environment Finance Initiative (“UNEP FI”) and in particular the Principles of Responsible Banking and the Network for Greening the Financial Sector (NGFS). Equally, the Basel Committee adopts initiatives to make the financial system more actively involved in the sustainable transition. It is worth mentioning that the Principles of Responsible Banking have been adopted by the Greek systemic credit institutions (Piraeus Bank, Alpha Bank, Eurobank and the National Bank of Greece) which are founding members. The above principles determine the role and responsibilities of the banking sector in its collective effort to shape a sustainable future and the Greek credit institutions that have adopted such principles have committed to play a significant role in promoting actions to this end and to harmonise their activities with the global SDGs and the Paris Agreement on climate change. In addition, the Basel Committee on Banking Supervision has advanced work on addressing climate-related financial risks and, during the summer of 2022, published the principles for the effective management and supervision of climate-related financial risks. Equally, the Financial Stability Board created the Task Force on Climate-Related Financial Disclosures (“TCFD”) to improve and increase reporting of climate-related financial information.

EU Level

After setting sustainable development as a key pillar of its strategy, the EU is aiming to become the first climate-neutral continent. It is already developing a strategy to achieve this goal, while aligning its funding framework with the global SDGs. The EU has developed a targeted framework of actions to finance sustainable growth (EU Action Plan on Financing Sustainable Growth) structured around three main pillars (with ten sub-actions), namely: reorienting capital flows towards a more sustainable economy; mainstreaming sustainability into risk management; and fostering transparency and “longtermism”.

In the framework of the European Green Deal, the EU urges businesses and public authorities to orient themselves towards economic activities that have a lasting positive impact on the environment and that are either environmentally sustainable or contribute to the transformation of activities to become environmentally sustainable. In this respect, companies (including credit institutions) are already subject to extensive non-financial disclosure requirements and need (or will need) to comply with additional disclosure and organisational requirements in light of Regulation (EU) 2020/852 (“Taxonomy Regulation”) and include in their non-financial disclosures information on how and to what extent their activities are associated with economic activities that qualify as environmentally sustainable. The Taxonomy Regulation has been supplemented by delegated acts noting that the EU Commission has to come up with the actual list of environmentally sustainable activities by defining technical screening criteria for each environmental objective through delegated acts. In addition, Regulation (EU) 2019/2088, as amended by the Taxonomy Regulation (“Sustainable Finance Disclosures Regulation”), and Regulation (EU) 2019/2089 on sustainability benchmarks should be taken into account in the ESG framework. As of 2022 and in accordance with the aforementioned legislation (including the EBA technical standards) EU credit institutions must disclose information on ESG issues.

The EU launched numerous initiatives for financing the green and sustainable economy and for support of the EU goal to be carbon neutral by 2050, eg, EIB group climate credit institution roadmap 2021–2025 and EBRD’s Green Economy transition approach.

Credit institutions, like other financial sector participants, are therefore required to adjust their business models and develop plans to align their balance sheets with this transition to the sustainable economy, as well as to monitor and comply with the ESG legislative developments.

As of 2024, credit institutions will have to disclose their green asset ratio as an indication of their degree of alignment with the EU Taxonomy. In 2022, the ECB carried out a climate risk stress test as part of its annual stress test of significant institutions, since climate change and the transition to net-zero carbon emissions pose risks to households and firms, and therefore to the financial sector. Regular climate stress tests are expected to take place on the basis of guidelines on institutions’ ESG risks stress testing. In September 2023, the ECB published the results of its second economy-wide climate stress test. The results show that the best way to achieve a net-zero economy for firms, households and banks in the euro area is to accelerate the green transition to a rate that is faster than under current policies. In addition, the ECB published the climate change-related indicators in 2023.

In early 2022, the EBA also published binding standards on Pillar Three disclosures on ESG risks to ensure that stakeholders are well informed on credit institutions’ ESG exposures, risks and strategies, and can make informed decisions and exercise market discipline.

As mentioned in 10. Horizon Scanning, one of the most significant legislative initiatives is the EU banking package implementing the Basel III framework, which will, among other things, ensure the EU’s transition to climate neutrality. The EU has also published a proposal for a regulation on European green bonds.

National Level

In general, Greece follows the path adopted by the EU, since the majority of EU provisions are adopted in the form of regulations which are directly applicable throughout the EU. In the same way, in 2021, the BoG established the Climate Change and Sustainability Centre (CCSC) in order to continue the work that had been done in the previous years, when the Climate Change Impacts Study Committee (CCISC) was set up. The focus of the BoG is turning towards the compliance of credit institutions with the ESG principles and requirements, taking into account the reports and guidelines of EU regulators. The implementation of relevant directives, such as the Corporate Sustainability Reporting Directive, is expected to happen soon in Greece.

In addition, Greece’s first climate law (Law 4936/2022) was enacted in May 2022 by the Hellenic parliament, with the aim of establishing a coherent framework for improving climate resilience in Greece. Under the new law, a long list of undertakings, including credit institutions, is bound by carbon reporting obligations. The reports will be uploaded to a publicly accessible electronic database operated by the Organisation of Natural Environment and Climate Change (with 2022 as a reference year).