Greece operates a fully EU-integrated banking and finance system governed by a layered framework of national statutes, Bank of Greece directives and directly applicable EU regulations. For international businesses, lenders and investors, understanding this framework is essential before entering the Greek market - whether through a lending arrangement, a fintech licence or a project finance structure. The Greek banking sector has undergone profound restructuring over the past decade, producing a consolidated landscape of four systemic banks alongside a growing non-bank financial sector. This article maps the legal architecture, identifies the key instruments and procedures, and highlights the practical risks that foreign clients consistently underestimate.
Greek banking law rests on a set of interlocking statutes. Law 4261/2014 (Access to the Activity of Credit Institutions and Prudential Supervision) is the primary licensing and prudential statute, transposing the EU Capital Requirements Directive IV (CRD IV) into Greek law. It defines credit institutions, sets out capital adequacy requirements and establishes the supervisory powers of the Bank of Greece (Τράπεζα της Ελλάδος), the national central bank and primary prudential regulator.
Law 4514/2018 transposed MiFID II and governs investment firms, trading venues and the provision of investment services. The Hellenic Capital Market Commission (Επιτροπή Κεφαλαιαγοράς, HCMC) supervises investment services firms, while the Bank of Greece supervises credit institutions. These two regulators share jurisdiction over certain hybrid entities, which creates a dual-approval dynamic that international clients frequently overlook.
Law 4557/2018 (Prevention and Suppression of Money Laundering and Terrorist Financing) is the AML statute, transposing the EU's Fourth Anti-Money Laundering Directive. It was subsequently amended to incorporate Fifth AMLD requirements. Obliged entities - including banks, payment institutions, lawyers in certain transactions and real estate agents - must implement customer due diligence, enhanced due diligence for high-risk relationships and ongoing monitoring programmes.
Law 4370/2016 governs payment services and electronic money institutions, transposing PSD2. Law 4548/2018 is the Companies Act governing sociétés anonymes (Ανώνυμη Εταιρεία, AE), which is the standard vehicle for licensed financial entities. Taken together, these statutes create a dense but coherent regulatory environment that largely mirrors the EU single rulebook.
A non-obvious risk for foreign investors is the interaction between EU-level regulations - which apply directly without national transposition - and Greek implementing legislation. Where conflicts arise, EU law prevails, but Greek administrative practice may lag behind, creating procedural friction at the licensing stage.
Obtaining a banking licence in Greece requires authorisation from the Bank of Greece under Law 4261/2014, Article 8. The application must demonstrate minimum initial capital of EUR 5 million for credit institutions (higher thresholds apply depending on the business model), a credible business plan covering at least three years, fit-and-proper assessments of all qualifying shareholders and management board members, and adequate internal governance arrangements.
The Bank of Greece coordinates with the European Central Bank (ECB) under the Single Supervisory Mechanism (SSM) for significant institutions. For less significant institutions, the Bank of Greece retains direct supervisory competence but must notify the ECB. This dual-layer process adds time: applicants should budget at least 12 months from submission of a complete application to receipt of authorisation, and often longer where the ECB's non-objection is required.
Payment institutions and electronic money institutions follow a lighter regime under Law 4370/2016. Minimum capital requirements start at EUR 20,000 for certain payment services and rise to EUR 350,000 for money remittance. The Bank of Greece processes these applications within three months of receiving a complete file, per the statutory deadline in Article 11 of Law 4370/2016. In practice, requests for supplementary information frequently interrupt this clock.
A common mistake made by international fintech operators is assuming that a passport from another EU member state automatically enables full operations in Greece without local notification. EU passporting under PSD2 and CRD IV does allow cross-border services, but providing services through a branch in Greece requires prior notification to the Bank of Greece, which then has 30 days to communicate the notification to the home regulator. Failure to complete this step before commencing branch operations constitutes a regulatory breach.
Practical scenario one: a UK-incorporated payment institution seeking to serve Greek merchants post-Brexit no longer benefits from EU passporting. It must either establish a Greek subsidiary and obtain a local licence, or operate through an EEA-licensed entity. The cost of establishing and licensing a Greek payment institution - including legal fees, compliance infrastructure and minimum capital - typically starts from the low tens of thousands of EUR in professional fees alone, before capital requirements.
To receive a checklist for banking and payment institution licensing in Greece, send a request to info@vlolawfirm.com.
Greek lending law distinguishes between consumer credit, mortgage credit and commercial lending, each subject to different protective regimes. Law 4438/2016 transposed the Mortgage Credit Directive (MCD) and governs residential mortgage lending, imposing pre-contractual disclosure obligations, standardised European Standardised Information Sheets (ESIS) and conduct-of-business requirements on creditors and credit intermediaries.
Consumer credit is governed by Law 3758/2009 (as amended), which implements the Consumer Credit Directive. It requires clear disclosure of the Annual Percentage Rate (APR), the right of withdrawal within 14 days of conclusion of the agreement, and restrictions on certain penalty clauses. Greek courts have historically been willing to strike down disproportionate penalty interest clauses under Article 281 of the Civil Code (Αστικός Κώδικας), which codifies the general principle of abuse of rights.
Commercial lending is less prescriptively regulated, but lenders must still comply with general contract law under the Civil Code and with AML obligations under Law 4557/2018. Security structures in commercial lending typically involve:
The pre-notation of mortgage is particularly important in Greek practice. It is a provisional security right registered at the Land Registry (Κτηματολόγιο or Υποθηκοφυλακείο) that can be converted into a full mortgage upon satisfaction of the secured claim. It is faster and cheaper to register than a full mortgage and is the standard instrument in project finance and real estate lending. Registration requires a notarial deed and submission to the relevant Land Registry office, with registration typically completed within a few days of submission.
A non-obvious risk in Greek mortgage lending is the incomplete cadastral registration of many properties, particularly on islands and in rural areas. Where a property is not yet registered in the Hellenic Cadastre (Κτηματολόγιο), the older mortgage registry (Υποθηκοφυλακείο) applies. Lenders must verify which system governs the specific property before structuring security, as errors in registry selection can render security unenforceable.
Practical scenario two: a foreign private equity fund extending a EUR 15 million secured loan to a Greek operating company must structure security over both real estate and share capital. The fund's lawyers must verify cadastral status of each property, conduct a title search going back at least 20 years, and ensure that the pledge over shares is registered in the company's share register and, for AEs, notified to the General Commercial Registry (ΓΕΜΗ). Omitting the ΓΕΜΗ notification step is a recurring error that can affect priority against third parties.
Law 4557/2018 imposes a comprehensive AML compliance framework on Greek obliged entities. The statute requires each obliged entity to appoint a dedicated AML compliance officer, conduct a documented business-wide risk assessment, implement customer due diligence (CDD) procedures and maintain transaction monitoring systems capable of detecting suspicious activity.
Customer due diligence under Article 13 of Law 4557/2018 requires identification and verification of the customer's identity, identification of the beneficial owner (defined as any natural person holding more than 25% of shares or voting rights, or exercising control by other means), and understanding of the purpose and intended nature of the business relationship. Enhanced due diligence applies to politically exposed persons (PEPs), high-risk third countries and complex or unusually large transactions.
The Financial Intelligence Unit of Greece (Αρχή Καταπολέμησης της Νομιμοποίησης Εσόδων από Εγκληματικές Δραστηριότητες, AMLC) receives suspicious transaction reports (STRs) from obliged entities. Failure to file an STR when there are reasonable grounds for suspicion constitutes a criminal offence under Article 45 of Law 4557/2018, carrying significant penalties for both the entity and responsible individuals.
In practice, it is important to consider that Greek AML enforcement has intensified following recommendations from the Financial Action Task Force (FATF) and Moneyval assessments. The Bank of Greece and HCMC have both issued supervisory circulars tightening expectations around beneficial ownership verification and correspondent banking relationships. International banks maintaining correspondent relationships with Greek banks should expect enhanced due diligence requests.
A common mistake by international clients is treating Greek AML compliance as a box-ticking exercise rather than a substantive risk management function. Greek regulators now conduct thematic inspections focused on the quality of CDD files, the adequacy of transaction monitoring parameters and the independence of the compliance function. Deficiencies identified during inspection can result in administrative fines, public censure and, in serious cases, licence suspension.
The Central Beneficial Ownership Registry (Κεντρικό Μητρώο Πραγματικών Δικαιούχων), maintained by the General Secretariat for Information Systems, requires all Greek legal entities to register their beneficial owners. Failure to register or to keep the register current is a separate administrative infraction under Law 4557/2018, Article 20, with fines escalating for continued non-compliance. Foreign investors acquiring stakes in Greek entities must ensure that the registry is updated within 60 days of any change in beneficial ownership.
To receive a checklist for AML compliance programme implementation in Greece, send a request to info@vlolawfirm.com.
Greece has adopted EU-level fintech regulation largely through direct application of EU instruments. The EU Crowdfunding Regulation (ECSPR, Regulation 2020/1503) applies directly and is supervised by the HCMC for investment-based crowdfunding platforms. Platforms wishing to operate in Greece must obtain an ECSPR licence from the HCMC, which follows the EU-standard 90-day review process from receipt of a complete application.
The Markets in Crypto-Assets Regulation (MiCA, Regulation 2023/1114) applies directly across the EU, including Greece, and is phased in over 2024-2025. Crypto-asset service providers (CASPs) previously registered under the transitional Greek regime must migrate to full MiCA authorisation. The HCMC is the designated competent authority for MiCA in Greece. Existing CASPs benefit from a transitional period, but new entrants must apply for full MiCA authorisation from the outset.
Open banking under PSD2 is implemented through Law 4370/2016. Account information service providers (AISPs) and payment initiation service providers (PISPs) must register with or obtain authorisation from the Bank of Greece. Greek banks are required to provide access to payment account data through dedicated interfaces (APIs), though the quality and reliability of these interfaces has been a practical friction point for fintech operators building on top of Greek bank infrastructure.
The Digital Operational Resilience Act (DORA, Regulation 2022/2554) applies directly to Greek financial entities from January 2025. It imposes ICT risk management, incident reporting and third-party risk management obligations on credit institutions, investment firms, payment institutions and other regulated entities. Greek financial entities must have completed their DORA gap assessments and remediation programmes. Supervisors have indicated that ICT incident reporting timelines - initial notification within four hours of classification as a major incident - will be strictly enforced.
Practical scenario three: a fintech startup incorporated in Estonia wishes to offer buy-now-pay-later (BNPL) services to Greek consumers. Depending on the credit terms offered, the service may qualify as consumer credit under Law 4438/2016 or Law 3758/2009, requiring either a credit institution licence or a consumer credit intermediary registration. The startup must also comply with Greek consumer protection law under Law 2251/1994 and GDPR as implemented by Law 4624/2019. Launching without a proper regulatory mapping exercise exposes the operator to enforcement action by the Bank of Greece, the HCMC and the Hellenic Data Protection Authority (HDPA).
Many fintech operators underappreciate the interaction between Greek consumer protection law and EU-level financial regulation. Greek courts and regulators apply consumer protection rules with considerable vigour, and contractual terms that are standard in other jurisdictions may be challenged as unfair under Law 2251/1994, Article 2.
Project finance in Greece follows international market conventions but operates within a Greek legal and regulatory environment that has specific characteristics. The typical structure involves a special purpose vehicle (SPV) incorporated as an AE or, increasingly, as a private company (Ιδιωτική Κεφαλαιουχική Εταιρεία, IKE) under Law 4072/2012, which holds the project assets and is the borrower under the financing documents.
Security packages in Greek project finance typically include:
The enforceability of security in Greek law has historically been a concern for international lenders, particularly regarding the speed of enforcement. Law 3869/2010 (the household insolvency law, commonly known as the Katseli Law) created a moratorium mechanism for over-indebted individuals that, in practice, was used to delay enforcement of mortgage security. Subsequent reforms under Law 4738/2020 (the Insolvency Code, Πτωχευτικός Κώδικας) have rationalised the insolvency framework and introduced a new out-of-court workout mechanism (Εξωδικαστικός Μηχανισμός Ρύθμισης Οφειλών) that is relevant for project companies facing financial distress.
Law 4738/2020 introduced a pre-insolvency restructuring procedure (Διαδικασία Εξυγίανσης) modelled on the EU Restructuring Directive. It allows a debtor to propose a restructuring plan to creditors, which can be approved by a qualified majority and confirmed by the court. The court confirmation process typically takes 30 to 60 days from filing of the application, though contested cases take longer. This mechanism is increasingly used in real estate and energy project restructurings.
Syndicated lending in Greece follows Loan Market Association (LMA) documentation conventions, adapted for Greek law security. The intercreditor agreement, which governs the relationship between senior lenders, mezzanine lenders and the borrower, must be carefully drafted to ensure that its enforcement waterfall provisions are consistent with Greek insolvency law priorities under Law 4738/2020. A non-obvious risk is that certain subordination arrangements that are effective under English law may require specific formalities under Greek law to be enforceable against third parties and in insolvency.
Renewable energy project finance has become a significant segment of the Greek market, driven by the national energy transition programme and EU funding. Projects benefit from feed-in tariff or feed-in premium arrangements under Law 4685/2020 (the Energy Transition Law). Lenders must verify that the project holds a valid electricity production licence from the Regulatory Authority for Energy (Ρυθμιστική Αρχή Ενέργειας, RAE) and that all environmental permits are in place, as defects in permitting are a common cause of financing delays.
The cost of legal advisory services for a mid-size Greek project finance transaction - typically in the EUR 20 million to EUR 100 million range - usually starts from the low tens of thousands of EUR for Greek law counsel, with additional costs for international counsel where LMA documentation is used. State registration fees for security interests vary depending on the value of the secured obligation and the type of security.
To receive a checklist for structuring project finance security in Greece, send a request to info@vlolawfirm.com.
What are the main practical risks for a foreign bank entering the Greek market through a branch?
A foreign EEA bank passporting into Greece through a branch must complete the notification procedure under Law 4261/2014 before commencing operations. The branch is subject to Greek AML law in full, meaning it must appoint a local AML compliance officer and file STRs with the Greek AMLC independently of the head office's home-country obligations. A common error is assuming that the head office's AML programme automatically satisfies Greek requirements - it does not, and the Bank of Greece has taken enforcement action against branches that failed to maintain autonomous compliance functions. The branch must also comply with Greek consumer protection law for retail-facing activities, which may require adaptation of standard product documentation.
How long does it take to enforce a pledge over shares in a Greek company, and what does it cost?
Enforcement of a pledge over shares in a Greek AE or IKE depends on whether the pledge agreement contains an out-of-court enforcement clause. Under Law 2844/2000, Article 3, a pledge over movable assets including shares can be enforced out of court if the pledge agreement expressly provides for this and the pledgee holds a notarial deed or other qualifying instrument. Out-of-court enforcement through a public auction can be completed within 30 to 60 days of the enforcement notice. Judicial enforcement through the civil courts takes considerably longer - typically six to eighteen months depending on court workload and any debtor challenges. Legal fees for enforcement proceedings start from the low thousands of EUR for straightforward cases and rise significantly for contested matters.
When should a lender consider using the out-of-court workout mechanism under Law 4738/2020 rather than insolvency proceedings?
The out-of-court workout mechanism (Εξωδικαστικός Μηχανισμός) is appropriate when the borrower is a viable business facing temporary liquidity difficulties and the majority of creditors are willing to negotiate. It is faster and less costly than formal insolvency, and it preserves the borrower's business relationships and licences. Formal insolvency proceedings under Law 4738/2020 are more appropriate when the borrower is not viable, when a minority of creditors is blocking a reasonable restructuring, or when the lender needs the court's cram-down power to bind dissenting creditors. The choice between these paths has significant implications for security enforcement: the automatic stay in formal insolvency proceedings suspends enforcement of security for the duration of the restructuring phase, whereas the out-of-court mechanism does not impose an automatic stay on secured creditors.
Greece's banking and finance legal framework is sophisticated, EU-aligned and actively enforced. For international clients, the key challenges are navigating the dual supervisory structure of the Bank of Greece and the HCMC, ensuring robust AML compliance that meets Greek regulatory expectations, structuring security correctly under Greek property and company law, and understanding the reformed insolvency tools available under Law 4738/2020. The fintech and project finance segments offer genuine opportunities, but both require careful regulatory mapping before commitment of capital or resources.
Our law firm VLO Law Firm has experience supporting clients in Greece on banking, finance and regulatory matters. We can assist with licensing applications, AML compliance programme design, security structuring, project finance documentation and enforcement proceedings. To receive a consultation, contact: info@vlolawfirm.com.