Greece -- Sanctions Compliance Regulatory Overview

As a member state of the European Union, Greece is subject to the comprehensive sanctions frameworks established by the United Nations (UN) and the European Union (EU). While there are no specific "crypto-only" sanctions lists, all sanctions targeting individuals, entities, and countries apply to assets of any form, including virtual assets. Virtual Asset Service Providers (VASPs) operating in Greece have specific obligations derived from EU and national law.

Here's a breakdown of the cryptocurrency sanctions and restrictions applicable in Greece:

1. Overarching Sanctions Frameworks

a. United Nations (UN) Sanctions:

• Source: UN Security Council Resolutions.
• Mechanism: These resolutions are legally binding on all UN member states, including Greece. The EU then implements these resolutions into its own legal framework, making them directly applicable within Greece.
• Focus: Target specific individuals (e.g., terrorists, those involved in proliferation of WMDs), entities, or entire regimes (e.g., North Korea, Iran, specific regions).
• Obligations: Freezing of funds and economic resources, travel bans, arms embargoes.
• Relevance to Crypto: If a UN-sanctioned individual or entity attempts to use or hold virtual assets, those assets are subject to the same freezing and reporting obligations as traditional financial assets.

b. European Union (EU) Sanctions:

• Source: EU Council Regulations and Decisions.
• Mechanism: EU sanctions implement UN resolutions but also include autonomous EU sanctions regimes (e.g., in response to the situation in Ukraine, human rights violations, cyberattacks, terrorism). EU Regulations are directly applicable and binding in their entirety in all member states, without the need for national implementing legislation (though national laws define penalties).
• Key Regulations (Examples):
  • Council Regulation (EU) No 269/2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine.
  • Council Regulation (EC) No 2580/2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism.
  • Various specific regulations targeting countries like Syria, Iran, Myanmar, Venezuela, etc.
• Obligations: Asset freezes, prohibitions on making funds/economic resources available, trade restrictions (embargoes on goods and technology), travel bans.
• Relevance to Crypto: EU sanctions explicitly cover "funds" and "economic resources," which are broad enough to include virtual assets. Recent EU sanctions packages (e.g., related to Russia) have explicitly mentioned crypto assets. VASPs are expected to comply with these restrictions.

c. Office of Foreign Assets Control (OFAC) Sanctions (U.S.):

• Source: U.S. laws and executive orders, administered by the U.S. Department of the Treasury's OFAC.
• Mechanism: While primarily U.S. law, OFAC sanctions have significant extraterritorial reach. This is especially relevant for VASPs that:
  • Deal with U.S. persons (citizens, residents, entities).
  • Handle transactions denominated in U.S. dollars.
  • Use U.S.-origin software or technology.
  • Have any U.S. nexus.
• Obligations: Prohibitions on transactions, blocking of assets, reporting requirements.
• Relevance to Crypto: OFAC has actively targeted virtual currency mixers, exchanges, and addresses associated with sanctioned entities, illicit finance, and ransomware. Any VASP in Greece with a U.S. nexus or international operations will generally need to screen against OFAC lists (e.g., Specially Designated Nationals and Blocked Persons List - SDN List) to avoid potential secondary sanctions or direct enforcement actions.

2. Sanctions Compliance Requirements for VASPs in Greece

VASPs in Greece are subject to anti-money laundering and counter-terrorist financing (AML/CFT) laws, which explicitly include sanctions compliance. These obligations stem from EU Directives implemented into Greek national law.

a. Legal Framework:

• EU Anti-Money Laundering Directives (AMLDs): Specifically, the 5th AMLD (Directive (EU) 2018/843) brought VASPs under the scope of AML/CFT regulations. The upcoming MiCA Regulation (Regulation (EU) 2023/1114 on Markets in Crypto-Assets) will further regulate VASPs, including aspects relevant to financial crime compliance.
• Greek National Law: Law 4557/2018 (ΦΕΚ Α' 139/30.07.2018) transposed the 4th and 5th AMLDs into Greek law, establishing the legal framework for combating money laundering and terrorist financing for obliged entities, including VASPs. This law designates the Hellenic Financial Intelligence Unit (FIU) as the primary authority for receiving suspicious transaction reports and the Bank of Greece as a supervisory authority for VASPs regarding AML/CFT compliance.

b. Key VASP Obligations:

1. Customer Due Diligence (CDD) / Know Your Customer (KYC): Identify and verify the identity of customers and their beneficial owners.
2. Sanctions Screening: Screen all customers (new and existing), beneficial owners, and transaction counterparties against relevant sanctions lists (UN, EU, and potentially OFAC). This must be done at onboarding, prior to transactions, and on an ongoing basis.
3. Asset Freezing: Immediately freeze funds and economic resources (including virtual assets) belonging to or controlled by sanctioned individuals or entities.
4. Prohibition on Making Funds Available: Do not make any funds or economic resources available, directly or indirectly, to sanctioned individuals or entities.
5. Reporting:
   • Report any frozen assets to the relevant Greek authorities (e.g., Hellenic FIU, Bank of Greece) without delay.
   • Report suspicious transactions (STRs) to the Hellenic FIU if there are grounds to suspect money laundering or terrorist financing, which often involves a sanctions nexus.
6. Internal Controls: Establish robust internal policies, procedures, risk assessments, and training programs to ensure compliance. Appoint a compliance officer responsible for AML/CFT and sanctions.
7. Record Keeping: Maintain records of all transactions, CDD documentation, and sanctions screening results for at least five years.

3. Sanctioned Entity Screening Obligations

VASPs in Greece must implement effective screening programs to identify sanctioned individuals and entities.

• Who to Screen:
  • All customers (individual and corporate).
  • Beneficial owners of corporate customers.
  • Transaction originators and beneficiaries.
  • Intermediaries in complex crypto transactions.
• What Lists to Screen Against:
  • UN Consolidated List: Individuals and entities designated by the UN Security Council.
  • EU Consolidated Financial Sanctions List: This is the primary EU list, combining all individuals and entities targeted by EU asset freeze measures. It is frequently updated.
  • OFAC Sanctions Lists: Specifically the Specially Designated Nationals (SDN) List, Sectoral Sanctions Identifications List (SSI), and other program-specific lists (e.g., related to cyber, narcotics). While not legally binding under Greek law, screening against OFAC lists is a best practice for international VASPs to mitigate U.S. sanctions risk.
• Methodology:
  • Automated screening solutions are highly recommended given the volume of transactions and the dynamic nature of sanctions lists.
  • Sanctions lists must be updated frequently (daily is often required or best practice).
  • A robust "hit management" process is crucial to review potential matches, resolve false positives, and escalate true positives for further action.
• Scope: Screening should encompass names, aliases, dates of birth, addresses, passport numbers, and potentially crypto addresses linked to known sanctioned entities, where such information is available and feasible.

4. Geographic Restrictions

Sanctions impose geographic restrictions, prohibiting or limiting transactions and activities with specific countries, regions, or entities located within them.

• Examples of Sanctioned Jurisdictions (EU perspective):
  • Comprehensive Sanctions: Iran, North Korea, Syria, certain regions of Ukraine (e.g., Crimea, Sevastopol, areas of Donetsk and Luhansk, Kherson, Zaporizhzhia).
  • Targeted Sanctions: Russia (extensive sectoral sanctions, asset freezes on specific individuals/entities), Belarus, Myanmar, Venezuela, Mali, etc.
• Implications for Crypto: VASPs must prevent transactions originating from or destined for these jurisdictions, or involving individuals/entities based there, as per the scope of the specific sanctions regime. This often involves geoblocking IP addresses, scrutinizing wallet addresses linked to sanctioned regions, and enhancing CDD for clients with any connection to high-risk or sanctioned areas.

5. Penalties for Violations in Greece

Violations of sanctions obligations in Greece can lead to severe criminal and administrative penalties, as outlined in Greek national law.

• Legal Basis: Greek Law 4557/2018 (Articles 40-45) and other specific laws implementing EU sanctions.
• Types of Penalties:
  • Criminal Penalties:
    • Imprisonment: Individuals (e.g., responsible VASP officers or directors) can face imprisonment for serious breaches, particularly those involving terrorist financing or significant money laundering. Sentences can range from several years up to 10 years or more, depending on the severity and intent.
    • Fines: Significant criminal fines can be imposed on individuals and legal entities.
  • Administrative Penalties:
    • Fines: The Hellenic FIU and the Bank of Greece can impose substantial administrative fines on VASPs for non-compliance. These can range from hundreds of thousands to several million euros, or a percentage of the VASP's annual turnover (e.g., up to 10% of total annual turnover for serious breaches), as per AMLD5 requirements.
    • Withdrawal of Authorization/License: A VASP's operating license in Greece can be suspended or revoked.
    • Public Censure: Publication of a public statement identifying the VASP and the nature of the breach.
    • Disqualification: Responsible individuals may be disqualified from holding management positions.
• Reputational Damage: Beyond legal penalties, non-compliance can lead to severe reputational damage, loss of customer trust, and difficulties in maintaining banking relationships.

6. Country-Specific Sanctions Lists Applicable to Crypto in Greece

There are no specific "crypto" sanctions lists maintained by Greece itself or the EU. Instead, all general UN, EU, and OFAC sanctions lists apply to virtual assets.

Therefore, for a VASP operating in Greece, the relevant lists are:

• UN Consolidated List: Accessible via the UN website (e.g., https://www.un.org/securitycouncil/sanctions/un-sc-consolidated-list).
• EU Consolidated Financial Sanctions List: This is the primary list for EU member states, maintained and updated regularly.
  • Access: The EU Sanctions Map provides a comprehensive overview and access to the consolidated lists: https://www.sanctionsmap.eu/#/main
• OFAC Sanctions Lists: For the reasons mentioned above (extraterritorial reach), compliance with OFAC lists is a critical risk mitigation strategy for international VASPs.
  • Access: The OFAC Sanctions List Search is the primary tool: https://sanctionssearch.ofac.treas.gov/
  • The SDN List can also be downloaded directly: https://www.treasury.gov/ofac/downloads/sdn.pdf

Specific Legal References and URLs:

• UN Sanctions:
  • UN Security Council Sanctions Committees: https://www.un.org/securitycouncil/sanctions/information
• EU Sanctions:
  • EU Sanctions Map (overview and access to consolidated lists): https://www.sanctionsmap.eu/#/main
  • Council Regulation (EU) No 269/2014 (example of specific sanctions regime, current consolidated version): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02014R0269-20231215
• EU AML/CFT Framework (relevant for VASPs):
  • Directive (EU) 2018/843 (5th AMLD, including VASPs): https://eur-lex.europa.eu/eli/dir/2018/843/oj
  • Regulation (EU) 2023/1114 (MiCA Regulation): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114
• Greek National Law:
  • Law 4557/2018 (ΦΕΚ Α' 139/30.07.2018) for AML/CFT and penalties. While a direct, freely accessible English translation URL is hard to provide, its official publication reference is essential. For official Greek gazette (ΦΕΚ) publications, a search on the National Printing Office website (Εθνικό Τυπογραφείο) would be required.
  • Hellenic Financial Intelligence Unit (FIU): https://www.hellenicfiu.gr/
• OFAC Sanctions:
  • OFAC Sanctions List Search: https://sanctionssearch.ofac.treas.gov/
  • Specially Designated Nationals (SDN) List: https://www.treasury.gov/ofac/downloads/sdn.pdf

Conclusion:

VASPs operating in Greece face stringent sanctions compliance requirements. They must adhere to UN and EU sanctions, which are directly applicable or implemented through Greek law, and also consider the extraterritorial reach of OFAC sanctions. Robust screening, asset freezing, and reporting mechanisms are mandatory, with severe penalties for non-compliance, including substantial fines, imprisonment, and license revocation. The lack of "crypto-specific" sanctions lists does not diminish the obligation, as all existing sanctions lists apply to virtual assets as they do to traditional financial assets.