Greece -- Custody Regulations Regulatory Overview

Greece, as a member of the European Union, operates within the framework of both national legislation and directly applicable EU regulations. Currently, the most significant regulatory frameworks impacting cryptocurrency/digital asset custody in Greece are the national transposition of the EU Anti-Money Laundering Directives (AMLDs) and the upcoming, comprehensive EU Markets in Crypto-Assets Regulation (MiCA).

Here's a breakdown:

Current Regulatory Landscape (Pre-MiCA)

Before MiCA fully applies, the primary regulatory impact on crypto custody providers in Greece stems from Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) obligations.

1. Custodial License Requirements (for AML/CTF purposes):

   • Greek Law: Greece has transposed the 5th and 6th EU Anti-Money Laundering Directives (AMLDs) into national law, primarily through Law 4557/2018 (Official Gazette A' 139/2018), as amended. This law identifies "providers of services of exchange between virtual currencies and fiat currencies" and "custodian wallet providers" as 'obliged entities' for AML/CTF purposes.
   • Registration: Such entities are required to register with the Hellenic Capital Market Commission (HCMC), which is designated as the competent authority for the supervision of Virtual Asset Service Providers (VASPs) for AML/CTF purposes. This registration is not a prudential license specifically for custody, but rather a registration to lawfully operate while fulfilling AML obligations.
   • Regulatory Reference:
     • Law 4557/2018: Articles 3(g) and 10(1) define "providers of services of exchange between virtual currencies and fiat currencies" and "custodian wallet providers" and subject them to AML/CTF obligations. (Access via Greek Government Gazette - note: direct English translation URLs for specific articles are often unavailable, but the law number and official gazette are the authoritative reference).
     • Hellenic Capital Market Commission (HCMC): The HCMC maintains a register of VASPs. Further details can be found on their official website under their supervisory mandates: https://www.hcmc.gr/ (Navigate to "Supervision" -> "Other Supervised Entities" or "Virtual Asset Service Providers").

2. Segregation of Client Assets Rules:

   • Current Greek Law: There are no specific Greek laws explicitly mandating segregation of client crypto assets from a custodian's own assets purely under the existing AML/CTF framework. AMLD focuses on identifying beneficial ownership and transaction monitoring, not prudential segregation.
   • However, general principles of good corporate governance and fiduciary duty would strongly encourage segregation, and any regulated financial institution providing such services would typically segregate assets based on existing financial services laws (though crypto assets aren't yet fully integrated into these frameworks).

3. Insurance/Bonding Requirements:

   • Current Greek Law: There are no specific Greek regulatory mandates for insurance or bonding requirements tailored specifically for crypto asset custodians under the current AML/CTF framework. General business insurance would apply, but not a specific prudential requirement related to crypto custody risks.

4. Cold Storage Mandates:

   • Current Greek Law: No explicit Greek regulatory mandates for the use of cold storage for crypto assets. The AML/CTF framework focuses on identifying risks and implementing controls, not prescribing specific technological storage methods. However, robust security measures, which would typically include cold storage for a significant portion of assets, would be considered best practice to mitigate operational and security risks.

5. Qualified Custodian Definitions:

   • Current Greek Law: There is no specific definition of a "qualified custodian" for crypto assets under current Greek law. The term "custodian wallet provider" is used within the AML/CTF context, referring to entities that provide services to safeguard private cryptographic keys on behalf of their customers, to hold, store and transfer virtual currencies. This definition is for AML purposes, not a prudential "qualified custodian" designation akin to traditional finance.

Pending Custody Legislation (MiCA)

The EU Markets in Crypto-Assets Regulation (MiCA - Regulation (EU) 2023/1114) will significantly transform the regulatory landscape for crypto asset custody across the EU, including Greece. MiCA is a directly applicable regulation, meaning it will not require national transposition into Greek law, although Greece will need to designate competent national authorities (likely the HCMC) for its implementation and supervision.

Key MiCA Provisions for Custody (applicable from December 30, 2024):

1. Custodial License Requirements:

   • MiCA: MiCA introduces a comprehensive licensing regime for "crypto-asset service providers" (CASPs). Specifically, providing "custody and administration of crypto-assets on behalf of clients" is defined as a crypto-asset service requiring prior authorization from a competent national authority (e.g., HCMC in Greece).
   • Authorization: CASPs seeking to provide custody services will need to apply for and obtain an authorization, demonstrating compliance with various organizational, operational, and prudential requirements.
   • Regulatory Reference:
     • MiCA Regulation (EU) 2023/1114:
       • Article 3(1)(10): Defines "custody and administration of crypto-assets on behalf of clients."
       • Article 59: Outlines the authorization requirements for CASPs.
       • Article 67: Specifies the operating conditions for crypto-asset service providers providing custody and administration of crypto-assets on behalf of clients.
     • EUR-Lex link to MiCA: https://eur-lex.europa.eu/eli/reg/2023/1114/oj

2. Segregation of Client Assets Rules:

   • MiCA: MiCA explicitly mandates strict segregation of client assets.
   • Requirement: CASPs providing custody services must keep client crypto-assets separate from their own assets and ensure that client fiat funds are held with credit institutions or central banks and kept separate from their own funds. Client assets must not be used for the CASP's own account.
   • Regulatory Reference:
     • MiCA Regulation (EU) 2023/1114, Article 67(2) & (3): "A crypto-asset service provider authorised for the custody and administration of crypto-assets on behalf of clients shall make adequate arrangements to safeguard the ownership rights of clients, especially in the event of the crypto-asset service provider's insolvency, and to prevent the use of clients' crypto-assets for its own account." and "A crypto-asset service provider authorised for the custody and administration of crypto-assets on behalf of clients shall keep clients' crypto-assets segregated from its own crypto-assets."

3. Insurance/Bonding Requirements:

   • MiCA: MiCA introduces prudential safeguards for CASPs, including specific requirements for professional indemnity insurance or own funds.
   • Requirement: CASPs providing custody services must hold either professional indemnity insurance or own funds equivalent to a minimum of €50,000 to €150,000 (depending on the services provided) or 50% of the fixed overheads of the preceding year, whichever is higher.
   • Regulatory Reference:
     • MiCA Regulation (EU) 2023/1114, Article 67(10): "A crypto-asset service provider authorised for the custody and administration of crypto-assets on behalf of clients shall hold a professional indemnity insurance or own funds..."

4. Cold Storage Mandates:

   • MiCA: While MiCA doesn't explicitly mandate "cold storage," it requires CASPs to establish, maintain, and implement adequate policies and procedures to ensure the safekeeping of clients' crypto-assets and associated access tools. It also requires robust operational resilience and security.
   • Requirement: CASPs must have a robust internal governance framework, sound administrative and accounting procedures, and effective control and safeguard arrangements for IT systems. These general requirements strongly imply the necessity of secure storage solutions, which would typically include cold storage for a significant portion of client assets.
   • Regulatory Reference:
     • MiCA Regulation (EU) 2023/1114, Article 67(4): "firms providing custody and administration of crypto-assets on behalf of clients shall establish, maintain and implement adequate policies and procedures to ensure the safekeeping of clients' crypto-assets and the associated access tools."
     • MiCA Regulation (EU) 2023/1114, Article 70: Operational resilience requirements.

5. Qualified Custodian Definitions:

   • MiCA: Under MiCA, entities authorized to provide "custody and administration of crypto-assets on behalf of clients" will effectively be the "qualified custodians" within the EU framework. The authorization process ensures they meet the stringent requirements of MiCA.
   • Regulatory Reference:
     • MiCA Regulation (EU) 2023/1114, Article 3(1)(10): Defines the service.
     • MiCA Regulation (EU) 2023/1114, Article 59: Details the authorization process.

Summary for Greece:

• Currently: Crypto custody providers in Greece are primarily subject to AML/CTF obligations under Law 4557/2018, requiring registration with the HCMC. There are no specific prudential rules for segregation, insurance, or cold storage for crypto custody yet.
• Future (from December 30, 2024): The MiCA Regulation will directly apply. Crypto custody providers will need a full authorization from the HCMC as a CASP, and will be subject to strict rules on client asset segregation, professional indemnity insurance/own funds, and robust security/operational resilience (implicitly including secure storage practices like cold storage). These authorized entities will effectively be Greece's "qualified custodians" for crypto assets.