The principal laws and regulations governing the Greek banking sector are the following.

• Law 4261/2014 (Law 4261), implementing in Greece Directive 2013/36/EU (CRD IV), and Regulation (EU) 575/2013 (CRR), as amended, among others, by Regulation (EU) 2019/876 (CRR 2). Law 4261 has been amended, among others, by Law 4799/2021, which transposed Directive 2019/878/EU (CRD V) into Greek law. Law 4261 sets out, inter alia, the provisions as regards:
1. the establishment, authorisation and operation of credit institutions;
2. the EU passport procedure and the licensing requirements in relation to third-country credit institutions providing services in Greece;
3. the prudential supervision rules applicable to credit institutions established in Greece;
4. the powers of supervisory authorities and the administrative penalties they may impose on credit institutions;
5. the corporate governance of credit institutions; and
6. the introduction of certain capital buffers to be maintained by credit institutions (in addition to the requirements of CRR).
• Law 4335/2015, as amended (Law 4335), implementing in Greece Directive 2014/59/EU (BRRD) on the recovery and resolution of credit institutions and investment firms. Law 4335 has been amended by law 4799/2021, which transposed, among others, Directive 2019/879/EU (BRRD II) into Greek law.
• Law 4557/2018, as amended by law 4734/2020 and law 4816/2021 (the “AML Law”) setting out the anti-money laundering and countering the financing of terrorism (AML/CFT) framework. The AML Law implements Directives 2015/849/EU (4th AML Directive), 2018/843/EU (5th AML Directive) and 2018/1673/EU (6th AML Directive) in Greece.
• Law 4370/2016, as amended, transposed into Greek law, among others, Directive 2014/49/EU (the Directive on Deposit Guarantee Schemes).
• Law 2251/1994 on consumer protection, as amended and codified by Ministerial Decision 5338/2018, and as currently in force (the “Consumer Protection Law”).

Depending on the type of services offered to clients, credit institutions should also comply with other laws of the financial sector, including:

• Regulation (EU) 600/2014 (the MiFIR) and Law 4514/2018, as amended, transposing Directive 2014/65/EU (MiFID II) in Greece as regards the provision of investment services; and
• Law 4537/2018 transposing Directive 2015/2366/EU (PSD2) in Greece as regards the provision of payment services.

In addition to the laws of the banking sector, Greek credit institutions should also comply with other laws, including Law 4548/2018 on sociétés anonymes, Law 4706/2020 on corporate governance of listed entities, as applicable, as well as Regulation (EU) 2016/679 (General Data Protection Regulation) and Law 3471/2006.

The above laws are supplemented by acts issued by the Bank of Greece (BoG), including the BoG Governor’s Act 2501/2002, as amended and currently in force, on the information that credit institutions must provide to their customers, the BoG Governor’s Act 2577/2006 on the organisational requirements and internal control functions of credit and financial institutions, the BoG Act 392/31.05.2021 on the revision of the Code of Conduct under Greek Law 4224/2013, and the BoG Executive Committee act 178/2020 as regards the outsourcing of activities as well as guidelines issued by the European Central Bank (ECB), the European Banking Authority (EBA) and other EU authorities.

The BoG is the national competent authority supervising the banking sector and exercising prudential supervision over Greek credit institutions. However, within the Single Supervisory Mechanism (SSM), the ECB supervises directly the following significant credit institutions authorised in Greece:

• Alpha Bank SA;
• Eurobank SA;
• National Bank of Greece SA; and
• Piraeus Bank SA.

Less significant credit institutions are supervised directly by the BoG, which is the competent authority for overseeing entities of the financial sector, including payment institutions, credit companies and credit servicing firms.

The BoG is also the national resolution authority and, along with the Single Resolution Board (SRB), is established within the Single Resolution Mechanism to exercise the resolution powers. The SRB is competent for the credit institutions supervised directly by the ECB.

In addition, the BoG is also responsible for supervising the compliance of credit institutions with the AML/CFT framework.

The Hellenic Capital Market Commission (HCMC) is the competent authority for monitoring the compliance of credit institutions with Law 4514/2018, with respect to investment services, with the exemption of certain areas which remain in the competence of the BoG.

The HCMC is also responsible for monitoring compliance with market abuse legislation, including Regulation (EU) 596/2014 (MAR) and Law 4443/2016, which supplements MAR in Greece.

Banking Licence

Credit institutions established and operating in Greece must be authorised by the ECB, which co-operates closely with the BoG. Τhe authorisation of credit institutions in Greece is one of the “common procedures”, as defined in Regulation (EU) 468/2014 (ECB/2014/17), on which the final decision lies with the ECB.

Greek credit institutions may be established and operate in Greece as i) sociétés anonymes (which is the most common legal type); ii) pure credit cooperatives under Law 1667/1986; iii) European Societies (SE) under Regulation (EU) 2157/2001; or iv) European Co-operative Societies under Regulation (EU) 1453/2003.

Greek credit institutions may be licensed to perform all banking activities listed in Annex I of CRD IV (universal licence), namely:

• the acceptance of deposits and other repayable funds;
• lending including, inter alia, consumer credit, credit agreements relating to immovable property, factoring, with or without recourse, financing of commercial transactions (including forfeiting);
• financial leasing;
• payment services as defined in article 4(3) of the PSD2;
• issuing and administering other means of payment (ie, travellers’ cheques and bankers’ drafts) insofar as such activity is not covered by the above point;
• guarantees and commitments;
• trading for own account or for account of customers in any of the following:
1. money market instruments (cheques, bills, certificates of deposit, etc);
2. foreign exchange;
3. financial futures and options;
4. exchange and interest-rate instruments; and
5. transferable securities;
• participation in securities issues and the provision of services relating to such issues, particularly underwriting;
• advice to undertakings on capital structure, industrial strategy and related questions, and on services relating to mergers and the purchase of undertakings;
• money broking;
• portfolio management or advice;
• safekeeping and administration of securities;
• credit reference services, including customer credit rating;
• safe custody services;
• issuing electronic money; and
• investment services and activities as well as ancillary services provided for in Law 4514/2018.

In addition to the above, the BoG may allow credit institutions to carry out other financial or ancillary activities, provided that the relevant risks are fully hedged.

Natural persons or legal entities that are not licensed credit institutions are prohibited from taking deposits or other repayable funds from the public. Moreover, the provision of credit/financing in a professional capacity is a regulated activity in Greece, which is allowed only to duly licensed credit institutions or certain financial institutions (such as Greek authorised credit companies).

EU licensed credit institutions may perform banking activities in Greece, on the basis of the EU passport; ie, through their right to establishment or on a cross-border basis, provided that the EU licensed credit institution notifies the home member state’s authority that will transmit the notification to the BoG.

Authorisation Process

The authorisation of a credit institution in Greece by the ECB/BoG is subject to the requirements set out in Law 4261 as supplemented by the BoG Act 142/11.6.2018, as amended and in force, as well as and other BoG acts.

A legal entity to be licensed as a credit institution must meet at least the following:

• a full paid-up initial capital equal to EUR18 million (in case of credit co-operatives an amount of EUR6 million) as well as payment of any additional funds that may be required in order to ensure that, during the first three years of operation, the own funds of the new credit institution will meet the expected capital requirements and the minimum initial capital on a continuous basis;
• suitable shareholders which are subject to an assessment by the ECB/BoG;
• at least two persons who effectively direct the business and are subject to “fit and proper” assessment;
• the Board of Director (BoD) members that are subject to the fit and proper assessment; and
• the participation of the institution to the Deposit Guarantee Scheme.

The licensing application must be accompanied, inter alia, by the following.

• A programme of operations setting out the types of business envisaged and the structural organisation of the credit institution, including an indication of the parent undertakings, financial holding companies and mixed financial holding companies within the group. The programme of operation must include a three-year business plan with the scope of work, the timetable for achieving the objectives of the credit institution, the structure of the group to which it belongs and the framework of the internal control functions, including the internal audit, risk management and compliance functions and procedures required for compliance with its organisational obligations.
• Fit and proper assessment with respect to the BoD members and the key function holders.
• Information on shareholders with holdings exceeding 1% and questionnaires for assessing the persons/entities holding a qualifying holding.
• The funding sources and forecast balance sheet, income statement and cash flow statement
• The anticipated course of the capital adequacy ratio during the first three years of operation of the credit institution, indicating the underlying method of risk assessment and measurement, in accordance with the applicable supervisory framework.
• Policies and procedures (including AML policy, conflict of interest policy, compliance policy, outsourcing policy, IT policies etc).

Following the BoG assessment of the licensing application, the BoG proceeds to the submission of a proposal (ie, draft decision) to the ECB that takes the final decision. Otherwise, if the BoG considers that requirements are not met, the BoG rejects the licensing request.

Timing and Cost Estimates

According to Law 4261 the BoG/ECB must revert to the applicant with a decision (ie, to grant or refuse the licensing application) within six months from the receipt of the application, that may be extended to 12 months of the receipt of the application.

No fees are required to be paid by the applicant for the submission of the application to the BoG. However, applicants should take into account the fees paid to legal counsel and financial/technical advisors.

Any natural person or legal entity (or persons acting in concert) that has decided either to acquire, directly or indirectly, a qualifying holding in a credit institution (ie, 10%) or to further increase, directly or indirectly, such a qualifying holding in a credit institution as a result of which the proportion of the voting rights or of the capital held would reach or exceed 20%, 30% or 50% or so that the credit institution would become its subsidiary, must notify the BoG in advance in accordance with the qualifying holding process set out in Law 4261.

The proposed acquirer must submit to the BoG a notification accompanied by certain questionnaires and required supporting documents in relation to the persons/entities that will acquire (directly or indirectly) a qualifying holding in the credit institution. In certain cases, a business plan that must contain a minimum set of information should also be submitted by the proposed acquirer.

The BoG will assess whether the potential acquisition complies with all regulatory conditions and will prepare a draft decision which is submitted to the ECB. The ECB will thereafter decide whether or not to oppose the acquisition on the basis of its assessment of the proposed acquisition and the BoG’s draft decision. In terms of timing, the regulators will assess the proposed acquisition within 60 business days from the date of the written acknowledgment of receipt of a complete file. This can be extended up to 90 business days from the receipt of a complete file.

A person may be deemed to be acquiring a qualifying holding even in circumstances where they acquire less than 10% of the shares and voting rights, since the definition of qualifying holding also includes cases where a proposed acquirer is deemed to exercise a “significant influence” over the management of a credit institution. Under Law 4261, a prior notification to the BoG is also required with respect to the acquisition or increase of a holding that would reach or exceed 5% in the share capital or voting rights of a Greek credit institution. The BoG will, thereafter, conduct an ad hoc assessment and decide, within five business days, whether such acquisition or increase will constitute a significant influence, and if so, it will notify the proposed acquirer and carry out an assessment in light of the qualifying holding process.

Credit institutions are also subject to reporting requirements to the BoG (on becoming aware of any acquisitions or disposals of holdings which cause holdings to exceed or fall below the relevant thresholds, or where a change occurs or on an annual basis).

Besides the aforementioned qualifying holding approval process, notification requirements under Greek Law 3556/2007, as amended and in force (Law 3556) implementing the Transparency Directive (Directive 2004/109) in Greece, might be also triggered as regards the acquisition of significant shareholdings in entities whose shares are traded on a regulated market (noting that the majority of the significant Greek credit institutions are wholly owned by financial holding companies which are listed on ATHEX). The shareholders should notify the issuer and the HCMC of the percentage of voting rights held by them if they acquire directly or indirectly or dispose of shares of the issuer carrying voting rights and if, as a result of that acquisition or disposal, the percentage of their voting rights reaches or exceeds or falls below the applicable thresholds (ie, 5%, 10%, 15%, 20%, 25%, ⅓, 50% and ⅔) or reaches, exceeds or falls below the aforementioned applicable threshold as a result of corporate events changing the breakdown of voting rights and on the basis of information disclosed by an issuer. A notification obligation also lies with any shareholder who holds voting rights exceeding 10%, if such percentage changes by 3% or more, following acquisition or disposal of voting rights or other corporate events altering the breakdown of voting rights. New changes exceeding 3% create a new notification obligation.

Additional requirements may be also triggered under competition law.

Credit institutions are subject to corporate governance requirements stemming from Law 4261, which is supplemented by the BoG Governor’s Act 2577/20.3.2006 as amended and in force, which sets out the internal organisation and governance requirements that all Greek credit institutions must comply with. Other BoG acts must be also taken into account for specific requirements (such as outsourcing requirements, information and technology security arrangements, etc). EBA guidelines on internal governance (EBA/GL/2021/05) have not yet been implemented into Greek law, but the BoG has confirmed that it will comply with them.

More specifically, credit institutions must have robust governance arrangements, which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks they are or might be exposed to, adequate internal control mechanisms, including sound administration and accounting procedures, and remuneration policies and practices that are consistent with and promote sound and effective risk management. Such arrangements, processes and mechanisms must be proportionate to the nature, scale and complexity of the risks inherent in the business model and the credit institution’s activities.

Greek credit institutions must have in place the following.

• A BoD that has the overall responsibility for the credit institution and approves and oversees the implementation of the institution’s strategic objectives, risk strategy and internal governance. At least two persons of the executive BoD members will effectively direct the business of the institution. The BoD must have, at least, one non-executive and independent member or where certain criteria are met, two non-executive and independent members. The chairman of the BoD cannot, at the same time, be the CEO of the credit institution. The BoD must monitor and periodically assess the effectiveness of the credit institution’s governance arrangements and take appropriate steps to address any deficiencies.
• Committees, including an audit committee, a risk management committee, a nomination committee, a remuneration committee and others depending on certain criteria (including the institution’s total assets).
• Internal audit, risk management and compliance functions.

• An AML/CFT function that must be established in the compliance unit, including an AML/CFT officer.

• A complaints-handling function, an information technology and security officer, chief finance officer, the staff providing the services, etc.

Greek credit institutions must also comply with the requirements (including organisation requirements) stemming from the BoG Act 392/31.05.2021 on the revision of the Code of Conduct under Greek law 4224/2013 when providing credit to customers.

In addition, Greek credit institutions that are listed on the ATHEX must also comply with the corporate governance requirements of Greek law 4706/2020. In June 2021, a new Hellenic Corporate Governance Code (Code) was issued by the Hellenic Corporate Governance Council for listed companies. The Code is voluntary and facilitates the formulation of corporate governance policies and practices, which listed companies must follow depending on the characteristics of each company.

Finally, the BoD must adopt a Code of Ethical Conduct applied by the management and all the staff of the credit institution on the basis of generally accepted principles (diligence, efficiency, responsibility, professional secrecy, etc).

Directors’ and Senior Management Designation

The members of the BoD and senior management are proposed by the nomination committee to the BoD or the shareholders’ general meeting respectively on the basis of the suitability criteria including their honesty, integrity and independence of mind promoting the diversity of the management bodies. Senior management (including the key function holders) is finally appointed by the BoD, whereas directors are elected by the shareholders’ general meeting.

Fit and Proper Assessment

The BoD members and the senior managers of Greek credit institutions must meet specific suitability requirements and are subject to fit and proper assessment by the BoG/ECB (as the case may be) for the latter to assess that the BoD members and senior managers are of sufficiently good repute and possess sufficient knowledge, skills and experience to perform their duties and act with honesty, integrity and independence of mind.

The BoD must also possess adequate collective knowledge, skills and experience to be able to understand the credit institution’s activities, including the main risks. The overall composition of the BoD will need to reflect an adequately broad range of experience.

The key function holders (namely, the head of internal audit, head of risk management, head of compliance, chief financial officer, internal audit committee’s members and money laundering reporting officer (MLRO)) are also subject to the above criteria and the fit and proper assessment by the BoG/ECB (as the case may be).

More specifically, the persons appointed to hold any of the above positions must submit to the BoG, through the credit institution, a completed questionnaire on the fit and proper assessment of the BoD members and key function holders.

BoD Roles and Accountability

The BoD defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of the credit institution, including the segregation of duties in the organisation and the prevention of conflicts of interest. Such arrangements are in line with the following principles:

• the BoD has the overall responsibility for the credit institution and approves and oversees the implementation of the credit institution’s strategic objectives, risk strategy and internal governance;
• the BoD ensures the integrity of the accounting and financial reporting systems, including financial and operational controls and compliance with the law and relevant standards;
• the BoD oversees the process of disclosure and communications (as may be required by law); and
• the BoD is responsible for providing effective oversight of senior management.

The remuneration requirements applicable to Greek credit institutions are in line with the provisions of CRD IV (as amended) that have been transposed into Law 4261.

According to Law 4261, when establishing and applying the remuneration policies for categories of staff whose professional activities have a material impact on the credit institution’s risk profile, credit institutions apply the requirements in a manner that is appropriate to their size, internal organisation and the nature, scope and complexity of their activities.

The staff whose professional activities have a material impact are the following:

• all members of the BoD and senior managers;
• staff members with managerial responsibility over the credit institution’s control functions or material business units; and
• staff members entitled to significant remuneration in the preceding financial year, provided that the following conditions are met:
1. the staff member’s remuneration is equal to or greater than EUR500,000 and equal to or greater than the average remuneration awarded to the institution’s BoD members and senior managers; and
2. the staff member performs the professional activity within a material business unit and the activity is of a kind that has a significant impact on the relevant business unit’s risk profile.

In addition, credit institutions should conduct a self-assessment each year, in order to identify all staff whose professional activities have or may have a material impact on the credit institution’s risk profile.

The requirements under Law 4261 are supplemented by Greek law 4548/2018 on sociétés anonymes, the BoG Governor’s Act 2577/2006, as amended, among others, by BoG Governor’s Act 2650/2012 and the BoG Executive Committee Act 158/2019 (implementing in Greece the EBA Guidelines on sound remuneration policies (EBA/GL/2015/22)).

Credit institutions must adopt remuneration policies and practices that promote sound and effective risk management and do not encourage risk taking that exceeds the level of tolerated risk of the institution. Their remuneration policies should set out, among other, the ratio between fixed and variable remuneration and must be gender neutral. The non-executive BoD members must adopt and periodically review the remuneration policy and are responsible for overseeing its implementation, which must be reviewed at least annually by the credit institution’s internal audit function.

Credit institutions must submit to the BoG information in relation to their remuneration policies in accordance with the criteria for disclosure established in points (g), (h), (i) and (k) of Article 450(1) of CRR as well as the information provided by credit institutions on the gender pay gap. The BoG uses that information to benchmark remuneration trends and practices. In addition, the BoG applies a risk-based approach when supervising the remuneration policies of credit institutions and requires credit institutions to take adequate actions in order to remedy any identified deficiencies. Otherwise, the BoG may impose administrative sanctions to credit institutions (such as fines of up to 10% of the turnover of the credit institution).

Greek credit institutions are subject to the Greek AML/CFT legislation which is in line with the EU AML/CFT legislation. More specifically, the main legal basis is the Greek Law 4557/2018 on “prevention and combatting of money laundering and terrorist financing and other provisions”, as amended and in force (the AML Law), implementing in Greece Directives 2015/849/EU (4th AML Directive), 2018/843/EU (5th AML Directive) and 2018/1673/EU (6th AML Directive) and the Decision No 281/5/17.3.2009 of the BoG’s Banking and Credit Committee specifying the obligations of credit, financial and payment institutions under the AML Law, as amended and in force (AML Decision). The Greek legal framework is supplemented by other BoG acts as well as by laws and guidelines adopted at an EU level (such as EBA Guidelines on ML/TF risk factors and customer due diligence).

More specifically, Greek credit institutions are required to comply with the Greek AML rules. Greek credit institutions must adopt AML policy and procedures in accordance with the Greek AML/CFT legislation, which include model risk management practices, customer due diligence, reporting, employee screening, record-keeping, internal control and compliance management such as the appointment of a MLRO (and their deputy) on the basis of their integrity, status, academic background, experience in the relevant field and credit institution’s operations.

In addition, Greek credit institutions must carry out customers’ due diligence (CDD) measures when establishing a business relationship, when carrying out occasional transactions exceeding certain thresholds, when there is a suspicion of money laundering or terrorism financing as well as when there are doubts about the identification data previously obtained. CDD also involves the ongoing monitoring of the business relationship. In the context of the CDD measures, the verification of the relevant data of natural persons is carried out either on the basis of original documents issued by reliable and independent authorities, or, with the explicit and special consent of the natural person, through the transmission of such documents via the electronic platform “eGov-KYC” of the Single Digital Portal of Public Administration.

Operation of Scheme

The Hellenic Deposit and Investment Guarantee Fund (HDIGF or, in Greek, TEKE) is the operator of a) the deposit guarantee scheme, b) the investment compensation scheme, and c) the resolution scheme of Greek credit institutions, which are three distinct schemes. TEKE is governed by Greek Law 4370/2016, as amended (Law 4370), which transposes into Greek law, among others, the Directive on Deposit Guarantee Schemes (Directive 2014/49/EU). TEKE is supervised by the Ministry of Finance.

According to Law 4370, all Greek credit institutions (including their foreign branches) and Greek branches of credit institutions incorporated outside the EU must become members of the deposit coverage scheme held with TEKE. Such participation automatically activates the participation of credit institutions in the TEKE resolution scheme.

Branches of credit institutions incorporated in another EU member state do not participate in TEKE, as they are covered by the Deposit Guarantee Scheme of the respective member state where their registered office is located (home member state). Participation in the investor compensation scheme, which is another department of TEKE, is also mandatory for Greek credit institutions. However, Greek branches of EU member states’ credit institutions may also request to participate in the investor compensation scheme of TEKE for supplemented coverage.

Covered Deposits

TEKE covers deposits held by natural persons or legal entities, irrespective of the currency (eg, deposits in savings accounts, current accounts and time deposits). However, certain deposits are not eligible and therefore are excluded from the coverage protection, namely:

• deposits made by other credit institutions or investment firms on their own behalf and for their own account;
• credit institutions’ own funds;
• deposits arising out of transactions in connection with which there has been a criminal conviction for money laundering;
• deposits by financial institutions, (re-)insurance undertakings, collective investment undertakings, social security funds and occupational pension funds, public authorities and by TEKE;
• debt securities issued by a credit institution and liabilities arising out of own acceptances and promissory notes; and
• deposits whose holder or beneficiary has never been identified.

The maximum level of coverage is set to EUR100,000 per depositor, per credit institution (irrespective of the number of deposit accounts held in the credit institutions, the currency of such deposits and the location of such deposit accounts) with certain limited exemptions where the compensation may be up to EUR300,000 (eg, for sale or expropriation of private residential property, payment of lump-sum retirement benefit or periodical pension benefits, compensation due to termination of employment etc).

Funding of Scheme

An initial contribution must be paid by credit institutions joining the Deposit Compensation Scheme (DCS) of TEKE within one month from the date on which they become members, which is calculated on the basis of Law 4370 and in any case cannot be higher than 8% of the credit institution’s own funds. New members pay the initial contribution in three annual instalments by crediting the dedicated DCS account with the BoG. Regular contributions are paid by credit institutions on an annual basis. The key factors to be considered for calculating the annual regular contributions is the amount of covered deposits and the degree of risk assumed by each credit institution. Within 20 calendar days from the beginning of every year, each credit institution must transmit to TEKE an annual list with the amount of its covered deposits as at the last day of each calendar quarter of the preceding year. By September 30th of every year, credit institutions must also submit to TEKE the data specified by TEKE and refer to the last day of the preceding year, for the purpose of determining the degree of risk assumed by that credit institution. Extraordinary contributions are paid if the available funds of DCS are not sufficient to compensate depositors. Extraordinary contributions must not exceed 0.5% of the covered deposits of each credit institution per calendar year. Higher contributions may be specified by a decision of TEKE’s BoD, with the consent of the BoG.

Greek credit institutions are subject to a general credit banking secrecy obligation pertaining to their banking activities, which means that credit institutions are not allowed to disclose to anyone the information falling within the personal and economic sphere of customers, provided that such information is not public, but is known to the bank as result of its relationship with the customers (including any information, data and transactions pertaining to a client’s banking relationship). The general banking secrecy obligation is very broad and covers information made available to the credit institution in the context of any kind of banking services as set out in Law 4261 (such as deposits, bank loans and other credit facilities, payment operations, guarantees, foreign currency exchange, financial leasing and factoring, credit cards or other means of payment, safe custody services, information relating to the creditworthiness of the clients etc).

The general banking secrecy obligations may be lifted following the client’s explicit consent or due to a specific legislative provision (such as for the detection by the regulatory, fiscal and judicial authorities of tax, criminal or other offenses but subject to strict conditions for the lifting of the general banking secrecy) and following requests made by regulatory, enforcement and tax authorities.

In case of infringement by a credit institution of the general banking secrecy obligation, such credit institution may incur civil liability (the customer whose information has been disclosed without authorisation may claim against the credit institution damages for any monetary loss sustained as a result of the disclosure, including moral damages) whereas the responsible employees may also face criminal liability.

In addition, credit institutions in Greece are bound by strict professional secrecy obligations with respect to clients’ deposits according to Article 1 of the Legislative Decree 1059/1971, as amended and in force (Decree 1059). This obligation is applicable in relation to deposits of any kind (cash and securities) and therefore any information in relation to the deposit cannot be disclosed to third parties.

The provisions of Decree 1059 are strict, constitute mandatory law and may not be waived or restricted even in the case that customers have provided their explicit consent or approval.

Exemptions apply only under special laws or circumstances which are very narrowly construed and assessed. Such professional secrecy requirement is not applicable a) towards creditors who are entitled to request the seizure of the bank account by virtue of a court decision, b) towards the BoG when exercising its supervisory obligations or implementing the monetary or foreign exchange rules, and c) towards the tax authorities in case of debts owed to the public sector. In addition, the professional secrecy obligations in relation to deposits are lifted following a justified request or decision of the competent body in the context of criminal proceedings to the extent that the relevant information is required for the substantiation of the criminal activity. In addition, an exemption from the above has been provided for tackling the tax evasion, and therefore, credit institutions are required to provide to the Ministry of Finance and the competent authorities any necessary information.

Any breach may result in imprisonment for at least six months, and civil liabilities towards the relevant account holders may be invoked.

The CRR and CRD IV (transposed into Law 4261) set out the capital adequacy requirements for credit institutions implementing, to some extent, the respective Basel III standards. Law 4799/2021 has transposed CRD V and BRRD II in Greece. As set out in 10. Horizon Scanning, the EU Commission has published the latest banking package in relation to the capital and prudential regime for credit institutions (CRR3 and CRD VI) in order to be fully aligned with the Basel III framework.

Credit institutions are required to have a minimum paid-up initial capital of EUR18 million. The capital resources that a credit institution is required to maintain may be constituted by a mixture of common equity Tier 1 Capital, Additional Tier 1 Capital and Tier 2 Capital. The CRR contains detailed legal and technical requirements for eligibility of capital instruments. As regards the liquidity requirements, CRD IV and CRR, as amended, provide for quantitative liquidity standards (including the liquidity coverage ratio (LCR) and the net stable funding ratio (NSFR)).

In particular, credit institutions must at all times satisfy the following own-funds requirements (which are expressed as a percentage of the credit institutions’ total risk exposure):

• a Common Equity Tier 1 Capital ratio of 4.5%;
• a Tier 1 Capital ratio of 6%;
• a total capital ratio of 8%; and
• a leverage ratio of 3% (introduced by CRR2 which became binding as of 28 June 2021).

CRR 2 also introduced a leverage ratio buffer requirement for institutions identified as global systemically important institutions (G-SIIs) to be applicable as of 1 January 2023. On 16 February 2021, the EU Commission issued a report and concluded that it does not consider it appropriate to introduce a leverage ratio surcharge for other systemically important institutions (O-SIIs) for the time being.

The combined buffer requirement includes the capital conservation buffer, the countercyclical capital buffer, the global systemically important institutions buffer, the other systemically important institutions buffer and the systemic risk buffer. Law 4261 provides that a capital conservation buffer of 2.5% of credit institution’s total exposures should be maintained so that credit institutions are able to avoid breaches of minimum capital requirements during periods of stress. In the context of its macroprudential supervision, the BoG is responsible for setting the countercyclical capital buffer rate for Greece on a quarterly basis.

From 1 January 2016 to the date of writing in December 2022, the BoG has kept the countercyclical capital buffer rate for Greece at zero percent (ie, at the lowest end of the permissible range), thus not affecting the capital requirements for credit institutions. The O-SII buffer consists of Common Equity Tier 1 Capital and its rate is set by the BoG at a level up to 2% of the total risk exposure amount and is reviewed at least once a year. The BoG has defined that the four Greek systemic credit institutions qualify as O-SSI (and should comply at a solo level, while their parent financial holdings should also comply at a consolidated level) and set the applicable O-SII buffer rates (0.75% for 2022 and 1% for 2023). The combined buffer has been set at 2.5%. for less significant credit institutions and at 3.25% for the four systemic credit institutions in 2022. The BoG has not decided to activate the systemic risk buffer and the global systemic institutions buffer. The BoG has additional macroprudential tools to apply towards credit institutions.

Credit institutions are required to assess the adequacy of their own capital through the Internal Capital Adequacy Assessment Process, which is then subject to review by the regulator in the context of the Supervisory Review and Evaluation Process (SREP) where the results from the stress tests are also assessed. The BoG or the ECB may impose additional capital requirements in the context of the SREP assessment, if such evaluation reveals major deficiencies or in other cases provided by law. In particular, the Pillar Two Requirement (P2R), which is determined on the basis of the SREP, is a credit institution-specific capital requirement which applies additionally in order to cover risks that are underestimated or not covered by the minimum capital requirement. The capital the ECB or BoG asks credit institutions to keep based on the SREP also includes the Pillar Two Guidance (P2G), which indicates to credit institutions the adequate level of capital to be maintained to provide a sufficient buffer to withstand stressed situations. Unlike the P2R, the P2G is not legally binding. While the revised P2G approach was applied in 2022 to make full use of the 2021 stress test and related capital impact simulations, the ECB nevertheless committed to allow credit institutions to operate below the P2G and the combined buffer requirement until at least the end of 2022, due to COVID-19 pandemic.

Following the transposition of CRD V into Greek law, the competent authority may impose additional own funds requirements in accordance with articles 104a et seq thereof. In addition, credit institutions are obliged to set their internal capital at an adequate level of own funds that is sufficient to cover all the risks expected to be covered by a credit institution, and to ensure that the credit institution’s own funds can absorb potential losses resulting from stress scenarios, including those identified under the supervisory stress test. Guidance on additional own funds is provided to credit institutions by competent authorities. The quantitative capital requirements under the CRD IV and CRR are supplemented by the obligation under the BRRD as amended by BRRD II for credit institutions to satisfy at all times a minimum requirement for own funds and eligible liabilities (MREL) which is determined by the competent resolution authority on an annual basis (on a credit institution specific basis). The target for the MREL requirement (as determined under the BRRD II by the resolution authority) is composed of a loss-absorption amount (LAA), which includes the sum of the Pillar One requirements and the Pillar Two requirements as determined by the competent authority, and any requirement in relation to the leverage ratio and a recapitalisation amount (RCA). Greek systemic credit institutions should increase the MREL by 1 January 2026 by EUR16,118 billion pursuant to the BoG report of December 2021.

Resolving a Failing Credit Institution – Resolution Measures

Greek Law 4335/2015, as amended (Law 4335) has incorporated the provisions of Directive (EU) 2014/59 on the credit institution recovery and resolution of credit institutions (BRRD) into Greek legislation, which sets out the legal framework for recovery and resolution of credit institutions and has been amended, in 2021, by Law 4799/2021, transposing BRRD II into Greek law. BRRD (as amended by BRRD II) is, in general, in line with the FSB Key Attributes of Effective Resolution regime, which is a soft law.

In case of a credit institution failure, the provisions of Law 4335 are applicable. More specifically, the credit institution’s BoD, which considers the credit institution to be failing or likely to fail on the basis of certain objective criteria, must notify, without undue delay, the Bank of Greece in accordance with Law 4335 and the Bank of Greece Act No 111/2017.

At an earlier stage of deterioration of credit institutions’ financial conditions, the resolution authorities may adopt one of the early intervention measures provided in Law 4335 (eg, to require the BoD of the credit institution to implement one or more of the arrangements or measures set out in the recovery plan or to require one or more members of the management body to be removed or replaced). In addition, the competent resolution authority may take a resolution action where all the following conditions are met and regardless of whether an early intervention measure has been adopted:

• the credit institution is failing or likely to fail;
• there is no reasonable prospect that any alternative private sector measures or supervisory action would prevent the failure of such credit institution within a reasonable time frame; and
• a resolution action is necessary in the public interest.

In particular, the resolution authorities may use one or more of the following resolution tools:

• the power to transfer to a purchaser shares or other instruments of ownership issued by, or all of any assets, rights or liabilities of, the credit institution under resolution (the “sale of business” tool);
• the power to transfer to a bridge institution, which shall be a legal person that is wholly or partially owned by one or more public authorities and controlled by the resolution authority, shares or other instruments of ownership issued by, or all of any assets, rights or liabilities of, the credit institution under resolution (the “bridge institution” tool);
• the power to transfer assets, rights or liabilities of the credit institution under resolution or of a bridge institution to one or more asset management vehicles (the “asset separation” tool); or
• the write-down and conversion powers in relation to liabilities of a credit institution under resolution (“bail-in” tool).

Other measures can be used to the extent that they conform to the principles and objectives of the resolution set out under the BRRD. In circumstances of extraordinary systemic crisis, the credit institution’s resolution may, as a last resort, involve government financial stabilisation tools consisting of public equity support and temporary public ownership tools. These measures would nonetheless only become available if certain conditions are met, including that the credit institution’s shareholders and creditors bear losses equivalent to 8% of the credit institution’s liabilities.

A special commissioner may be appointed by the resolution authorities to replace the BoD of the credit institution under resolution.

Principles – Protection of Depositors

When applying the resolution tools and exercising the resolution powers, the resolution authorities should take into account certain principles provided under BRRD, including that:

• the shareholders of the credit institution under resolution bear first losses;
• the creditors of the credit institution under resolution bear losses after the shareholders in accordance with the order of priority of their claims under normal insolvency proceedings, save as expressly provided otherwise in Law 4335;
• the creditors of the same class are treated in an equitable manner (unless otherwise provided);
• no creditor shall incur greater losses than would have been incurred if the credit institution had been wound up under normal insolvency proceedings; and
• the covered deposits are fully protected.

In any case, the eligible deposits held with the credit institutions will be protected up to EUR100,000 (covered deposits) and therefore are excluded from the scope of application of the bail-in tool.

If the credit institution’s authorisation is revoked, the credit institution will be mandatorily placed under a special liquidation in accordance with Law 4261. The provisions of the Greek Bankruptcy Code (Law 4738/2020 as amended) may apply additionally to the provisions of the special liquidation of a credit institution, to the extent that they do not contradict with Article 145et seq. of Law 4261 or any delegated BoG acts. Article 145A of Law 4261 provides for the hierarchy of claims in the special liquidation of credit institutions. Law 3458/2006, as amended, incorporates Directive 2001/24/EC in Greece and provides for the special liquidation procedure applicable to credit institutions.

One of the most significant legislative initiatives at an EU level is the EU banking package implementing the Basel III framework (which has not yet been fully implemented in the EU). The EU Commission published a proposal for a regulation amending the CRR as regards requirements for credit risk, credit valuation adjustment (CVA) risk, operational risk, market risk and the output floor, and for a directive amending the CRD IV as regards supervisory powers, sanctions, third-country branches, and environmental, social and governance (ESG) risks. The new provisions aim to ensure that EU credit institutions become more resilient to potential future economic shocks, while contributing to the EU’s recovery from the COVID-19 pandemic and the transition to climate neutrality. Apart from the provisions of the banking package implementing Basel III, there are also provisions going beyond Basel III (such as the credit institutions’ obligation to identify, disclose and manage ESG risks at an individual level, the harmonised framework in relation to fit and proper assessment of key function holders, as well as a new common framework in relation to third country institutions’ branches due to their material footprint in the EU).

In the ESG field, a series of technical standards are expected to be implemented and adopted in 2023, such as implementing technical standards on Pillar Three disclosures on ESG and Joint ESAs regulatory technical standards under the Sustainable Finance Disclosure Regulations. In addition, various guidelines have already been updated or will soon be updated to incorporate ESG-related considerations (such as the guidelines on loan origination, governance, remuneration and SREP). As of 2024, credit institutions will have to disclose their green asset ratio as an indication of their degree of alignment with the EU Taxonomy. In 2022, the ECB carried out a climate risk stress test as part of its annual stress test of significant institutions, since climate change and the transition to net zero carbon emissions pose risks to households and firms, and therefore to the financial sector. Regular climate stress tests are expected to take place on the basis of guidelines on institutions’ ESG risks stress testing.

Although PSD2 has been a paradigm shift for the regulation of payment services, the EBA has identified a number of shortcomings. The EU launched a consultation to assess whether PSD2 is still appropriate, or whether any amendments should be adopted. An upcoming proposal for the revision of PSD2 will aim, inter alia, at contributing to further harmonisation and consistent application of the legal requirements, avoiding regulatory arbitrage, ensuring a level playing field between the different types of payment service providers. The revision of PSD2 (PSD3) will be focused on consumer protection and rules in relation to strong customer authentication, in order to tackle different types of fraud, while the E-money Directive is anticipated to be merged with the PSD2. Apart from the revision of PSD2, the EU Commission unveiled, at the end of October 2022, a proposal for a regulation amending Regulations (EU) No 260/2012 and (EU) 2021/1230 as regards instant credit transfers in euros, in order to force credit institutions to offer instant payments in euros at no extra cost and enable the transfer of money at any time (24/7) and very speedily.

The shift towards a greener and more sustainable economy has become a key priority at a global and EU level. Following the publication of the 2030 Agenda for Sustainable Development by the UN General Assembly (in 2015), setting out the core sustainable development goals (SDGs), the EU Commission took into account these SDGs for the next steps towards a sustainable EU future, and presented the European Green Deal in 2019, whose part is also the European green investment plan aiming to establish a framework to facilitate public and private investments needed for the transition to a climate-neutral, green, competitive and inclusive economy. A series of legislation and other initiatives in relation to the sustainable finance and environmental, social and corporate governance (ESG) factors have also been published at an EU level. ESG has evolved and moved from the sidelines to the forefront of decision-making for an increasing number of credit institutions and investors when making investment decisions in the financial sector, which leads to increased longer-term investments into sustainable economic activities and projects.

In the banking sector the main regulatory and legislative initiatives are the following.

International Level

The most important initiatives for the banking system include, among others, the United Nations Environment Finance Initiative (UNEP FI) and in particular the Principles of Responsible Banking and the Network for Greening the Financial Sector (NGFS). Equally, the Basel Committee adopts initiatives to make the financial system more actively involved in the sustainable transition. It is worth mentioning that the Principles of Responsible Banking have been adopted by the Greek systemic credit institutions (Piraeus Bank, Alpha Bank, Eurobank and National Bank of Greece) which are founding members. The above principles determine the role and responsibilities of the banking sector in the collective effort to shape a sustainable future and the Greek credit institutions that adopted such principles have committed to play a significant role in promoting actions to this end and to harmonise their activities with the global sustainable development goals and the Paris Agreement on climate change. In addition, the Basel Committee on Banking Supervision has advanced work on addressing climate-related financial risks and, during the summer of 2022, published the principles for the effective management and supervision of climate-related financial risks. Equally, the Financial Stability Board created the Task Force on Climate-Related Financial Disclosures (TCFD) to improve and increase reporting of climate-related financial information.

EU Level

After setting sustainable development as a key pillar of its strategy, the EU is aiming to become the first climate-neutral continent. It is already developing a strategy to achieve this goal, while aligning its funding framework with the global sustainable development goals. The EU has developed a targetted framework of actions to finance sustainable growth (EU Action Plan on Financing Sustainable Growth) structured around three main pillars (with ten sub-actions), namely: reorienting capital flows towards a more sustainable economy; mainstreaming sustainability into risk management; and fostering transparency and long-termism.

In the framework of the European Green Deal, the EU urges businesses and public authorities to orient themselves towards economic activities that have a lasting positive impact on the environment and that are either environmentally sustainable or contribute to the transformation of activities to become environmentally sustainable. In this respect, companies (including credit institutions) are already subject to extensive non-financial disclosure requirements and need (or will need) to comply with additional disclosure and organisational requirements in light of Regulation (EU) 2020/852 (Taxonomy Regulation) and include in their non-financial disclosures information on how and to what extent their activities are associated with economic activities that qualify as environmentally sustainable. The Taxonomy Regulation has been supplemented by delegated acts noting that the EU Commission had to come up with the actual list of environmentally sustainable activities by defining technical screening criteria for each environmental objective through delegated acts. In addition, Regulation (EU) 2019/2088, as amended by the Taxonomy Regulation (Sustainable Finance Disclosures Regulation), and Regulation (EU) 2019/2089 on sustainability benchmarks should be taken into account in the ESG framework. As of 2022 and in accordance with the aforementioned legislation (including the EBA technical standards) EU credit institutions must disclose information on ESG issues.

The EU launched numerous initiatives for financing the green and sustainable economy and for the support of the EU goal to be carbon neutral by 2050; eg, EIB group climate credit institution roadmap 2021–2025 and EBRD’s Green Economy transition approach.

Credit institutions, like other financial sector participants, are required therefore to adjust their business models and develop plans to align their balance sheets with this transition to the sustainable economy as well as to monitor and comply with the ESG legislative developments.

In November 2020, the ECB published a guide on climate-related and environmental risks (supervisory expectations relating to risk management and disclosure). However, following a supervisory assessment of credit institutions’ climate related and environmental risks disclosures, it concluded (as per its report of March 2022) that credit institutions do not fully meet ECB’s expectations on disclosure of climate and environmental risks. Supervisors informed credit institutions of shortcomings and published examples of good practice. The focus of the ECB on the ESG field, and in particular the climate-related and environmental risks, is included in the list of the three priorities for the years of 2022–2024 identified by the ECB along with national authorities.

In addition, the EBA also published a report on management and supervision of ESG risks for credit institutions and investment firms (EBA/REP/2021/18) which provides credit institutions with common definitions of ESG risks and their transmission channels and identifies evaluation methods that are needed for effective risk management. In early 2022, the EBA also published binding standards on Pillar Three disclosures on ESG risks to ensure that stakeholders are well informed on credit institutions’ ESG exposures, risks, and strategies and can make informed decisions and exercise market discipline.

As mentioned in 10. Horizon Scanning, one of the most significant legislative initiatives is the EU banking package implementing the Basel III framework, which will, among other things ensure the EU’s transition to climate neutrality. The EU has also published a proposal for a regulation on European green bonds.

National Level

In general, Greece follows the path adopted by the EU, since the majority of the provisions are adopted in the form of regulations which are directly applicable throughout the EU. In the same way, in 2021, the BoG established the Climate Change and Sustainability Centre (CCSC) in order to continue the work being done in the previous years, when the Climate Change Impacts Study Committee (CCISC) was set up. The focus of the BoG is turning towards the compliance of credit institutions with the ESG principles and requirements, taking into account the reports and guidelines of EU regulators.

In addition, Greece’s first climate law (Law 4936/2022) was enacted in May 2022 by the Hellenic Parliament, aiming at establishing a coherent framework for improving the climate resilience of Greece. Under the new law a wide list of undertakings, including credit institutions, is bound by carbon reporting obligations. The reports will be uploaded on a publicly accessible electronic database operated by the Organisation of Natural Environment and Climate Change (with 2022 as a reference year).