In brief: banking regulatory framework in Greece (2024)

Regulatory framework

Key policies

What are the principal governmental and regulatory policies that govern the banking sector?

EU banking legislation and principles have been incorporated into the Greek core banking laws, aiming to:

• safeguard the stability of the financial system and, for that purpose, the banking laws set out rules with regard to:
• authorisation;
• conduct of business;
• withdrawal of authorisation of banks;
• micro- and macroprudential supervision of banks;
• recovery and resolution of banks; and
• state aid of banks for their recapitalisation and deposit guarantee provisions; and
• ensure adequate protection of banks’ customers and transparency of transactions.

The Bank of Greece (BoG), which is the central bank of Greece, exercises its prudential powers in the banking sector and, in particular, supervises Greek banks along with the European Central Bank (ECB) in accordance with Council Regulation (EU) No. 1024/2013 on the Single Supervisory Mechanism (SSM) and the corresponding Regulation (EU) No. 468/2014 on the SSM framework.

Regulated institutions

What are the defining characteristics of a bank to be caught by the banking laws and regulations? Is non-bank fintech regulated differently?

A bank is an undertaking, the business of which is to take deposits or other repayable funds from the public and to grant credits for its own account. Entities that are not licensed as banks are prohibited from carrying out the business of taking deposits or other repayable funds from the public. Greek banks are subject to licensing and other requirements under Law 4261/2014, as amended (Law 4261), which implemented the Capital Requirements Directive (CRD) IV (2013/36/EU), as amended, in Greece.

A non-bank fintech is not, in principle, subject to the same regulatory requirements as those applicable to banks. Depending on the nature of its activities, it might be subject to other licensing or registration requirements (eg, payment institutions, account information service providers, equity or lending crowdfunding platforms, providers of exchange services between virtual currencies and fiat currencies, and custodian wallet providers) that are less stringent than the requirements applicable to banks.

The notion of ‘fintech banks’ has already been reflected in the ECB guide published in 2018, referring to bank business models in which the production and delivery of banking products and services are based on technology-enabled innovation. In 2021, the BoG introduced its Regulatory Sandbox, which constitutes a regulatory regime that provides fintech companies with a controlled environment to test their innovative financial propositions for a specified period and while formally engaging with the BoG. The Regulatory Sandbox is open to:

• financial service providers that have been already authorised by the BoG and are looking to apply innovative, technology-enabled solutions in the provision of financial services that fall under the BoG’s remit; and
• non-authorised entities that either first obtain the appropriate authorisation – if they intend to carry out regulated activities themselves – or forge a partnership with an authorised institution and enter the Regulatory Sandbox together.

In parallel, the BoG publishes annually its fintech innovation hub report which includes a summary of the queries received by the BoG by interested parties, in order for the BoG to provide information and guidance on the regulatory and supervisory framework within the BoG’s competence (including new types of FinTech products that have emerged, in particular in the field of payments and credit, such as Buy-Now-Pay-Later).

Do the rules vary depending on the size or complexity of the banking institution?

The rules, principles and procedures apply to all Greek banks; however, banks may take into account the principle of proportionality (ie, the bank’s size, its internal organisation and nature, and the complexity of its activities) when applying the internal organisational and governance rules (eg, depending on the bank’s size and the complexity of its activities, the board of directors (BoD) of the bank should be assisted by certain committees such as the internal audit committee, the risk management committee and other committees, including the remuneration committee and IT steering committee).

Primary and secondary legislation

Summarise the primary statutes and regulations that govern the banking industry.

The primary statutes governing the Greek banking industry are the following.

• Law 4261 and the Capital Requirements Regulation (EU) No. 575/2013 (CRR), as amended, among others, by Regulation (EU) No. 2019/876 (CRR 2). Law 4261 was amended, among others, by Law 4799/2021, which transposed Directive 2019/878/EU (CRD V) into Greek law, and Law 4920/2022, transposing into Greek law the Investment Firms Directive (Directive (EU) No. 2019/2034 (IFD)). Law 4261 sets out, among other things, provisions regarding:
  • the establishment, authorisation and operation of banks;
  • the passport procedure;
  • the prudential supervision rules;
  • the powers of supervisory authorities and administrative penalties they may impose on banks;
  • the corporate governance of banks and their remuneration policy; and
  • the introduction of capital buffers to be maintained by banks.
• Law 4335/2015 transposed the Bank Recovery and Resolution Directive (BRRD) 2014/59/EU in Greece for the recovery and resolution of banks and investment firms. Law 4335/2015 was amended by Law 4799/2021 that transposed, among others, Directive 2019/879/EU (BRRD II) into Greek law.
• Law 4557/2018 (as amended by, among others, Law 4734/2020, Law 4816/2021, Law 4941/2022 and Law 5000/2022) sets out the anti-money laundering and countering the financing of terrorism (AML/CFT) framework. This law incorporates Directives (EU) Nos. 2015/849, 2018/843 and 2018/1673 in Greece.
• Law 4370/2016, as amended, transposed into Greek law, among others, the Deposit Guarantee Schemes Directive 2014/49/EU.
• Law 2251/1994 on consumer protection, as amended and codified in the Consumer Protection Law.

Depending on the type of services offered to clients, banks should also comply with other laws of the financial sector, including:

• the Markets in Financial Instruments Regulation (EU) No. 600/2014 and Law 4514/2018, transposing the Markets in Financial Instruments Directive II (2014/65/EU) in Greece while providing investment services. Law 4514/2018 was amended by Law 4920/2022, which transposed into Greek law the IFD and the MiFID II ‘Quick Fix’ Directive (EU) No. 2021/338; and
• Law 4537/2018 transposing the Payment Services Directive 2 (2015/2366/EU) in Greece while providing payment services.

In addition to the laws of the banking sector, Greek banks should also comply with other laws, including Law 4548/2018 on sociétés anonymes and Law 4706/2020 on corporate governance of listed entities, as applicable.

Primary regulations that govern the Greek banking industry are issued by the BoG and include the following:

• BoG Governor’s Act 2501/2002 on the information that banks must provide to customers;
• BoG Governor’s Act 2577 of 9 March 2006 on the organisational requirements and internal control functions of credit and financial institutions;
• BoG Governor’s Act 2651/2012 and BoG Executive Committee Act 214 of 12 December 2022 on the information that supervised institutions have to report on a regular basis to the BoG (to the extent applicable);
• BoG Executive Committee Act 142 of 11 June 2018 (as amended by BoG Act 178/4 of 2 October 2020) on the procedures for:
  • the authorisation of banks in Greece;
  • the acquisition of, or increase in, a holding in banks; and
  • the taking up of a post as a member of the BoD and as a key function holder of banks;
• BoG Executive Committee Act 178 of 2 October 2020 as regards the outsourcing of activities; and
• other BoG acts (including BoG Governor’s Acts, BoG Executive Committee Acts, BoG Banking and Credit Matters Committee Decisions, and BoG Credit and Insurance Committee Decisions) and the European Banking Authority guidance, etc.

Regulatory authorities

Which regulatory authorities are primarily responsible for overseeing banks?

The BoG is the national competent authority for supervising the banking sector and exercising prudential supervision over Greek banks; however, within the SSM, the ECB directly supervises the following significant credit institutions authorised in Greece:

• Alpha Bank SA;
• Eurobank SA;
• National Bank of Greece SA; and
• Piraeus Bank SA.

Less significant banks are supervised directly by the BoG, which is the competent authority for overseeing entities of the financial sector, including payment institutions, credit companies and credit servicing firms.

The BoG is also the national resolution authority and, along with the Single Resolution Board (SRB), is established within the Single Resolution Mechanism to exercise the resolution powers. The SRB is competent for the banks supervised directly by the ECB. The BoG is also responsible for supervising the compliance of banks with the AML/CFT framework.

The Hellenic Capital Market Commission (HCMC) is the competent authority for monitoring the implementation of Law 4514 with respect to investment services; however, the BoG remains responsible for supervising banks’ compliance with Law 4514 and cooperates closely with the HCMC in that respect.

The HCMC is also competent for ensuring the implementation of market abuse legislation and overseeing compliance by any obliged entity, including Greek banks, with the Market Abuse Regulation (EU) No. 596/2014 (MAR) and Law 4443/2016, which supplements MAR in Greece.

Government deposit insurance

Describe the extent to which deposits are insured by the government. Describe the extent to which the government has taken an ownership interest in the banking sector and intends to maintain, increase or decrease that interest.

The Hellenic Deposit and Investment Guarantee Fund (TEKE) is the operator of the deposit guarantee and investment compensation schemes as well as the resolution fund of Greek banks. It is governed by Law 4370/2016, which transposed into Greek law the Deposit Guarantee Schemes Directive, which was amended by, among others, Laws 4783/2021, 4920/2022 and 4972/2022.

According to Law 4370/2016, all Greek banks (ie, CRR credit institutions) must become members of the deposit coverage scheme held with TEKE. Such participation automatically activates the participation of banks in the TEKE resolution scheme. Participation in the investor compensation scheme, which is another department of TEKE, is also mandatory for Greek banks.

The maximum level of coverage is set to €100,000 per depositor, per credit institution (irrespective of the number of deposit accounts held in the credit institutions, the currency of such deposits and the location of such deposit accounts), with certain limited exemptions where the compensation may be up to €300,000 (eg, for sale or expropriation of private residential property, payment of lump sum retirement benefit or periodical pension benefits and compensation owing to termination of employment).

Following the global financial crisis of 2007–2009 and its consequences for the Greek financial system, one of the measures taken to enhance the capital adequacy of Greek banks was the establishment of the Hellenic Financial Stability Fund (HFSF). The HFSF was incorporated with the objective of contributing to the stability of the Greek banking system for the public interest and currently has the following participations in Greek banks:

• Alpha Bank SA: 9 per cent;
• Eurobank SA (through Eurobank Holdings): 1.4 per cent;
• National Bank of Greece SA: 40.39 per cent;
• Piraeus Bank SA (through Piraeus Financial Holdings SA): 27 per cent; and
• Attica Bank: 62.93 per cent.

In 2021, the HFSF reduced its participation in the share capital of Greek banks through share capital increases. In parallel, Law 3864/2010 was amended in 2021 with respect to the internal organisation of the HFSF and its participation in banks’ share capital increases, among other things. The law was further amended in 2022 by Law 4941/2022, particularly in relation to the HFSF’s divestment strategy.

On 11 January 2023, the HFSF announced the completion of the update process for the divestment strategy, which was drawn up pursuant to Law 3864/2010 and has been approved by the Ministry of Finance. The current HFSF legal framework elevates the divestment objective to a par with the fund’s other objective, namely its contribution to the maintenance of the financial stability of the Greek banking system for the sake of public interest, and sets year end 2025, the HFSF’s sunset date, as the deadline for completion.

Transactions between affiliates

Which legal and regulatory limitations apply to transactions between a bank and its affiliates? What constitutes an ‘affiliate’ for this purpose? Briefly describe the range of permissible and prohibited activities for financial institutions and whether there have been any changes to how those activities are classified.

Law 4548/2018 on sociétés anonymes prohibits the conclusion of transactions with related parties unless certain corporate approvals (ie, a specific permission by a resolution of the BoD or the shareholders’ general meeting of the company, as the case may be) and publicity requirements are met. Related parties are determined as follows:

• by reference to the parties qualifying as ‘related parties’ in accordance with the international accounting standard (IAS) 24 and the legal entities controlled by them in accordance with IAS 27 for listed companies (ie, all Greek systemic banks);
• the BoD members, the persons who exercise control over the bank, close family members of such persons as well as legal entities controlled by these individuals of non-listed companies; or
• other persons (eg, managing directors) to which the provisions of related parties have been extended by virtue of the companies’ articles of association.

Excluded from the scope of article 99 et seq of Law 4548/2018 (ie, provisions on related-party transactions) are agreements that are concluded by banks by virtue of measures adopted for ensuring their stability following the approval of the authority that is competent for their prudential supervision.

In addition, there are specific rules established by the BoG with respect to the conclusion of transactions by banks with persons who have a special relationship with them, which may apply in parallel with the provisions of Law 4548/2018 on related-party transactions. Such specific rules of the BoG will be considered as lex specialis and will therefore prevail over the aforementioned provisions of Law 4548/2018.

BoG Act 2651 of 20 January 2012 defines the persons that have a special relationship with banks by specifying, among other things, the following categories (which are similar to the aforementioned categories of Law 4548/2018):

• their shareholders, meaning:
• the shareholders holding, directly or indirectly, an interest equal to or higher than 5 per cent of the share capital;
• the 10 largest shareholders;
• the persons controlling directly or indirectly the banks through written or other arrangements or in concert; or
• the persons controlling the legal persons included in the aforementioned categories;
• the legal persons directly or indirectly controlled by the banks, or where the banks have a qualifying holding;
• the legal persons who are under joint control with the banks;
• the natural or legal persons who have close links with the banks; and
• the natural persons that exercise managerial powers on the banks (including the BoD members and the chief officers of the internal control functions, as well as their close family members).

BoG Governor’s Act 2577 of 9 March 2006 imposes certain conditions with regard to transactions with persons that have a special relationship that concerns the internal procedures and documentation that banks should implement to ensure that the relevant loan terms do not deviate from the terms applied to other credit facilities of the same type. In addition, each participation in or lending to persons that have a special relationship with a bank is subject to the bank’s BoD approval or general meeting’s resolution, where required by law. It is possible for the BoD to establish a reasonable credit limit up to which a simple post-transaction notification of the respective loan suffices and no prior approval by the BoD is required.

Besides the procedures and restrictions mentioned above, there are reporting requirements both for the persons that have a special relationship with the banks as well as for the banks themselves towards the BoG, including under the provisions of the BoG Executive Committee Act 214 of 12 December 2022. Banks are also subject to increased disclosure obligations in the context of external audits in accordance with the international audit standards on related parties.

In addition, listed banks are subject to additional disclosure obligations in accordance with Law 3556/2007, which transposed the Transparency Directive 2004/109/EC, and with MAR.

Regulatory challenges

What are the principal regulatory challenges facing the banking industry?

Banks must comply with a series of newly introduced requirements in light of new legislation – including the CRD V, the CRR 2, the BRRD II, Securitisation Regulation (EU) No. 2017/2402 and other legislative texts – and are subject to extensive reporting requirements.

Despite the outbreak of the covid-19 pandemic, banks have remained resilient over the past year since they were able to withstand the adverse economic shock. In light of the geopolitical shock caused by Russia’s invasion of Ukraine and its immediate macro-financial consequences, which have increased the uncertainty regarding the evolution of the economy and the financial markets, the ECB has identified in its report the following areas as its priorities for 2023 to 2025.

• Banks should effectively remedy structural deficiencies in their credit risk management cycle, from loan origination to risk mitigation and monitoring, and address in a timely manner any deviations from regulatory requirements and supervisory expectations in order to remedy shortcomings in credit risk management, including exposures to vulnerable sectors.
• Banks reporting a high concentration of funding sources, in particular less stable ones, should diversify their funding structure by developing and executing sound and credible multi-year funding plans, taking into account challenges stemming from changing funding conditions to remedy the lack of diversification in funding sources and deficiencies in funding plans.
• In light of digitalisation and IT risks, banks should retain a strong focus on addressing structural challenges and risks stemming from the digitalisation of their banking services, with a view to ensuring the resilience and sustainability of their business models. Banks must also tackle vulnerabilities and risks stemming from a greater operational reliance on IT systems, third-party services and innovative technologies. They should also have robust outsourcing risk arrangements, and IT security and cyber resilience frameworks to proactively tackle any unmitigated risks that could lead to material disruption of critical activities or services, while ensuring adherence to the relevant regulatory requirements and supervisory expectations.

Regarding climate change, the need to address the challenges and grasp the opportunities arising from the climate transition and adaptation is becoming urgent for banks. Banks should adequately incorporate climate-related and environmental risks within their business strategy and their governance and risk management frameworks to mitigate and disclose such risks, aligning their practices with current regulatory requirements and supervisory expectations. The energy market disruption caused by the war in Ukraine has further underlined the need for the European Union to maintain momentum in the transition to renewable energy sources.

In Greece, owing to the current global situation, the important institutional changes introduced in 2020–2021 – including the reform of bankruptcy law, and the activation of the Hellenic Asset Protection Scheme and the extension of its application in the context of securitisation transactions of Greek banks (by virtue of which the state guarantees the senior notes in a securitisation covering any interest and the principal due for a certain premium), and other initiatives and efforts made to reduce non-performing loans (NPLs) – the NPL ratio of Greek banks has decreased; however, the efforts of banks to reduce NPLs from their portfolio should be intensified especially because, after the removal of the support measures taken in light of the covid-19 pandemic, new NPLs may emerge.

At the end of September 2022, NPLs amounted to €14.6 billion, and the ratio of NPLs to the total number of loans was 9.7 per cent; however, additional efforts are required for banks to be able to deleverage their balance sheets and reduce their NPL portfolios, as the NPL ratio in Greece remains higher than the average NPL ratio in the European Union.

Consumer protection

Are banks subject to consumer protection rules?

Banks are subject to consumer protection rules, which are mainly set out in the codified Consumer Protection Law. The main consumer protection rules that are included in the Consumer Protection Law and relevant to the banking sector are:

• provisions relating to the general terms of business, and the prohibition of abusive and unfair terms in contracts with consumers – in particular, terms are abusive if they result in an excessive imbalance of the rights and obligations of the parties to the detriment of the consumer, and such terms are considered void;
• provisions for the consumers’ pre-contractual and contractual information in respect of the distance provision of financial services; and
• provisions regarding advertising and unfair commercial practices.

Particular scrutiny has been drawn in relation to:

• the compliance of the banks with pre-contractual disclosure requirements (where applicable);
• the content of the agreements entered into with consumers, including the existence of any unfair or abusive terms; and
• advertising practices.

Ministerial Decision No. Ζ1-798 of 25 June 2008, as amended, provides for an indicative list of abusive and unfair terms that have been determined by the Consumer Protection Law and relevant jurisprudence to be unfair terms, which are therefore deemed null and void.

The BoG Governor’s Act No. 2501/2002 sets out the information obligations that the banks have towards their customers. The BoG has also adopted the BoG Executive Committee Act 157/1 of 2 April 2019, endorsing the guidelines of the Joint Committees on complaints management.

There are also specific rules regarding the provision of consumer credit, which are included in Ministerial Decision No. Z1-699 of 23 June 2010 transposing the Consumer Credit Directive 2008/48/EC in Greece. These rules apply to consumer credit agreements that involve a total amount of credit from €200 up to €75,000. In the case of consumer credits, banks have increased pre-contractual and contractual information obligations towards their customers. In June 2021, the European Commission issued a proposal for a revision of the Consumer Credit Directive that aims to adjust the current legal framework to cover new digital lenders and new online payment facilities, and to reduce the risks that consumers are facing (including consumers’ over-indebtedness).

The General Secretariat of Commerce and Consumer Protection under the Ministry of Development and Investments is the supervisory authority for the implementation of the Consumer Protection Law. In cases of breach of consumer legislation, administrative sanctions are imposed by virtue of a decision of the Ministry of Development and Investments. Where breaches of the Consumer Protection Law are committed by banks, administrative sanctions are imposed following the BoG’s decision. The General Secretariat of Commerce and Consumer Protection is also responsible for breaches of banks relating to the payment services legal framework (Law 4537/2018 implementing the Payment Services Directive 2 in Greece). The BoG is responsible for monitoring the banks’ compliance with the consumer protection rules included in BoG acts and with the BoG’s relevant instructions.

Future changes

In what ways do you anticipate the legal and regulatory policy changing over the next few years?

In light of the priorities that the ECB has adopted for 2023 to 2025, we expect that banks’ and supervisors’ focus will continue to be towards banks’ alignment with the environmental, social and corporate governance framework (including compliance with the principles set out in the ECB guide on climate-related and environmental risks), prudential risks emanating from cyber and digitalisation risks, and banks’ full compliance with Basel III, as well as the risks meaning from the war in Ukraine and high inflation.

In addition, banks should be prepared to further adjust their business to new legal developments. At the end of 2021, the European Commission initiated the revision of EU banking rules (the CRR and the CRD) to ensure that EU banks become more resilient to potential future economic shocks, while contributing to Europe’s recovery from the covid-19 pandemic and the transition to climate neutrality. This package finalises the implementation of Basel III in the European Union.

In January 2023, the members of the European Parliament adopted the above changes to make EU banks more resilient to future economic shocks and implement the international Basel III agreement, taking into account specificities of the EU economy.