Greece -- Licensing Requirements Regulatory Overview

Greece, as a member state of the European Union, currently operates under a national regulatory framework for virtual assets, primarily focused on Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) obligations. However, this is set to be significantly overhauled and harmonized by the EU's Markets in Crypto-Assets Regulation (MiCA), which will introduce a comprehensive licensing regime.

Here's a breakdown of the current and upcoming requirements:

Current Regime (Pre-MiCA Full Application): Registration-based

Before the full application of MiCA (December 2024 for most crypto-assets), Greece operates a registration regime for Virtual Asset Service Providers (VASPs).

1. Competent Authority: The Hellenic Capital Market Commission (HCMC) is the primary supervisory authority for Virtual Asset Service Providers (VASPs) in Greece concerning AML/CFT obligations.

2. Legal Basis: The current framework is primarily based on:

• Law 4557/2018 (as amended), which transposed the EU's 5th Anti-Money Laundering Directive (AMLD5) and 6th Anti-Money Laundering Directive (AMLD6) into national law. This law defines "providers of services of virtual assets" and mandates their registration.
• HCMC Decision No. 2/902/10.03.2021 (and subsequent amendments), which provides further details on the registration process and ongoing obligations.

3. Required Registration (for VASPs): Under Law 4557/2018, entities that provide services related to virtual assets must register with the HCMC. This includes:

• Exchanges: Providers engaged in the exchange between virtual assets and fiat currencies, or between one or more virtual assets.
• Custody Providers: Providers that offer custodian wallet services, holding, storing, and transferring virtual assets or private cryptographic keys on behalf of customers.
• Transfer Services: Services enabling the transfer of virtual assets.
• Other VASP Activities: Participation in and provision of financial services related to an issuer’s offer and/or sale of virtual assets, and providing virtual asset safekeeping and administration services.

4. Key Requirements for Registration:

• AML/KYC Framework:
  • Establish and implement robust AML/CFT policies, procedures, and internal controls in line with national and EU requirements.
  • Conduct customer due diligence (CDD) and enhanced due diligence (EDD) where necessary.
  • Monitor transactions for suspicious activities and report them to the Hellenic Financial Intelligence Unit (FIU).
  • Appoint an AML Compliance Officer and potentially a Deputy AML Compliance Officer.
  • Regular staff training on AML/CFT.
• Fit & Proper Requirements:
  • Management and key personnel must demonstrate integrity, competence, and absence of criminal records.
  • Shareholders holding significant stakes may also be subject to assessment.
• Local Presence:
  • While not explicitly always requiring a physical office, the VASP must be incorporated in Greece and have its management and operational base within the country to effectively comply with Greek AML/CFT laws and HCMC supervision.
• Capital Requirements:
  • The national AML regime does not impose specific initial capital requirements as stringent as a licensing regime. However, VASPs are expected to have adequate financial resources to operate responsibly and comply with their obligations. The HCMC will assess the financial soundness as part of the registration.

5. Application Process (Registration):

1. Preparation: Gather all required documentation, including internal AML/KYC policies, business plan, organizational structure, CVs and fit & proper declarations for management/shareholders, proof of incorporation.
2. Submission: Submit the complete application package to the HCMC.
3. Review: The HCMC reviews the application for compliance with Law 4557/2018 and related decisions. They may request additional information or clarifications.
4. Decision: If approved, the VASP is entered into the HCMC's "Register of Providers of Services of Virtual Assets."

Regulatory References (Current Regime):

• Hellenic Capital Market Commission (HCMC) - Virtual Assets Page:
  • https://www.hcmc.gr/en_US/web/portal/virtual-assets
• Law 4557/2018 (in Greek):
  • FEK A 139/01.08.2018 - You would typically find consolidated versions via government legal databases in Greece, e.g., e-nomothesia, but the official gazette reference is the primary source.
• HCMC Decision No. 2/902/10.03.2021 (in Greek, related to registration):
  • Often found on the HCMC website under "Decisions" or "Legal Framework."

Future Regime (Post-MiCA Full Application): Licensing-based

The EU's Markets in Crypto-Assets Regulation (MiCA) (Regulation (EU) 2023/1114) will fundamentally change the landscape, moving from a national registration-based system to a harmonized licensing regime across the EU.

• Timeline:
  • 30 June 2024: Rules for asset-referenced tokens (ARTs) and e-money tokens (EMTs) begin to apply.
  • 30 December 2024: Rules for all other crypto-assets and Crypto-Asset Service Providers (CASPs) begin to apply.

1. Competent Authority: The Hellenic Capital Market Commission (HCMC) will continue to be the competent authority in Greece for authorizing and supervising CASPs under MiCA.

2. Legal Basis:

• Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA):
  • https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023R1114

3. Required Licenses (for CASPs): MiCA introduces specific authorization requirements for entities providing crypto-asset services, which include (among others):

• Operating a trading platform for crypto-assets: This covers exchanges.
• Custody and administration of crypto-assets on behalf of clients: This covers custody providers.
• Exchange of crypto-assets for fiat currency or other crypto-assets.
• Reception and transmission of orders for crypto-assets.
• Placing of crypto-assets.
• Providing advice on crypto-assets.
• Portfolio management on crypto-assets.

4. Key Requirements for MiCA Licensing:

• Capital Requirements:
  • MiCA introduces specific and often higher initial capital requirements based on the type of services offered (e.g., Article 67). For example:
    • Receiving and transmitting orders, providing advice, and portfolio management: €50,000.
    • Execution of orders on behalf of clients, exchange of crypto-assets, placing of crypto-assets: €125,000.
    • Custody and administration of crypto-assets and operation of a trading platform: €150,000.
    • These may be higher if the firm also holds client funds/crypto-assets.
• Operational & Governance Requirements:
  • Robust governance arrangements, including clear lines of responsibility.
  • Effective internal control mechanisms.
  • Adequate IT systems, security protocols, and operational resilience.
  • Business continuity plan.
  • Complaint handling procedures.
  • Conflict of interest policies.
• Fit & Proper Requirements:
  • Management board members and significant shareholders must meet strict "fit and proper" criteria, including reputation, knowledge, skills, and experience.
• AML/KYC Framework:
  • CASPs must comply with MiCA's enhanced AML/CFT provisions, which are designed to integrate with the broader EU AML framework. This includes comprehensive risk assessments, CDD/EDD, transaction monitoring, and suspicious transaction reporting.
• Local Presence:
  • A CASP must have its registered office in a Member State of the EU and have at least one of its directors residing in the Union (Article 60(5)).
• Consumer Protection & Disclosure:
  • Detailed information disclosures for clients regarding risks, fees, and the nature of services.
  • Prudential safeguards (e.g., segregation of client assets).

5. Application Process (Licensing under MiCA):

1. Pre-Application (Optional): Some firms may engage in pre-application discussions with the HCMC.
2. Preparation of Comprehensive Documentation: This is significantly more detailed than for registration, requiring:
   • A detailed business plan.
   • Proof of initial capital.
   • Comprehensive governance arrangements, internal controls, risk management framework.
   • Detailed IT and security policies.
   • Fit & proper assessments for all relevant individuals.
   • AML/CFT manual.
   • Client disclosure documents.
3. Submission: The application is submitted to the HCMC.
4. Review & Assessment: The HCMC undertakes a thorough review, potentially consulting with other EU authorities. They have a defined timeframe for decision-making (typically 90 working days from the submission of a complete application).
5. Decision: If authorized, the CASP can then passport its services across all other EU member states.

Specific Entities Summary:

• Exchanges (Operating a trading platform for crypto-assets, exchange crypto-assets for fiat/other crypto):
  • Current: Require registration as a VASP with the HCMC under Law 4557/2018.
  • Future (from Dec 2024): Require a MiCA license as a Crypto-Asset Service Provider (CASP) from the HCMC.
• Custody Providers (Custody and administration of crypto-assets on behalf of clients):
  • Current: Require registration as a VASP with the HCMC under Law 4557/2018.
  • Future (from Dec 2024): Require a MiCA license as a Crypto-Asset Service Provider (CASP) from the HCMC.
• Payment Processors:
  • This depends on what they "process":
    • Processing fiat payments for crypto businesses: If they solely handle fiat currency transactions (e.g., converting euros to dollars for a crypto exchange, or facilitating bank transfers), they would likely fall under traditional payment services regulations (e.g., PSD2/EMI license) supervised by the Bank of Greece, not crypto-specific rules.
    • Processing crypto payments (e.g., facilitating payments directly in crypto-assets, or conversion services involving crypto-assets): These activities would classify them as VASPs now and CASPs under MiCA, requiring registration/licensing as described above.

Registration vs. Licensing Regime:

• Registration Regime (Current): Primarily focused on AML/CFT compliance. While it requires adherence to certain standards, it is generally less comprehensive in terms of capital, operational, governance, and consumer protection requirements compared to a full licensing regime. The HCMC maintains a public register of VASPs.
• Licensing Regime (Future under MiCA): A full authorization regime that encompasses not only robust AML/CFT, but also significant prudential requirements (capital), extensive governance and operational standards, comprehensive consumer protection measures, and market integrity rules. A MiCA license grants a "passport" to operate across the entire EU.

Disclaimer: The regulatory landscape for virtual assets is complex and constantly evolving. This information is for general guidance and does not constitute legal advice. It is highly recommended to consult with legal professionals specializing in financial services and cryptocurrency law in Greece to ensure full compliance with current and upcoming regulations.