Snapshot: AML requirements for covered institutions and individuals in Greece

AML requirements for covered institutions and individuals

Which government entities enforce the AML regime and regulate covered institutions and persons in your jurisdiction? Do the AML rules provide for ongoing and periodic assessments of covered institutions and persons?

The supervision of covered institutions and persons is conducted by the government entities and quasi-government bodies that are competent for each field of activity. In principle, banking, financial and insurance institutions are supervised by the Bank of Greece, corporations that are listed in the stock market are regulated by the Hellenic Capital Market Commission, and lawyers and notaries are regulated by the Ministry of Justice. The central regulating authority, which liaises with all regulatory agencies and institutions, is the Ministry of Finance. Article 6 of Law 4557/2018 provides a comprehensive list of all government entities.

Which institutions and persons must have AML measures in place?

Article 5 of Law 4557/2018 provides an extensive list of covered institutions and natural persons. The Minister of Finance and the Minister of Justice may add more institutions and natural persons to the list.

Covered institutions and persons are banking and finance organisations, venture capital companies, venture capital funds, auditing companies, tax consultants, real estate businesses, casinos and gambling agencies, auction houses, pawnbrokers, notaries, and lawyers acting on behalf of clients for real estate sales, trust fund administration, etc.

Do the AML laws applicable in your jurisdiction require covered institutions and persons to implement AML compliance programmes? What are the required elements of such programmes?

Covered institutions and persons must implement AML compliance programmes and follow the guidelines and regulations issued by the competent supervising authorities. The required elements of the programmes vary depending on the types of business of the covered institutions and are related to validating the transaction and identifying the parties of a transaction to eliminate suspicions of questionable conduct or unknown, untraceable origins of assets. Owing to the nature of their activities, covered institutions, such as banks and financial and insurance institutions, have more comprehensive and detailed AML compliance programmes.

What constitutes breach of AML duties imposed by the law?

According to articles 22 and 27 of Law 4557/2018, covered institutions and their employees have three basic obligations:

• immediately report to the Hellenic Financial Intelligence Unit (FIU)if they suspect that an act of money laundering has been committed or is about to be committed;
• immediately provide all information requested by the FIU or other supervising authorities; and
• abstain from informing the client or any third party either that they have filed a report of a suspicious transaction or that they have received a request to provide information to any investigating authority. 

Any breach of this obligation constitutes a criminal offence punishable by at least three months’ imprisonment and a fine.

Describe due diligence requirements in your jurisdiction’s AML regime.

Due diligence requirements are provided for by Law 4557/2018 (Chapter C, articles 11 to 19), which outlines a complex set of rules that must be followed by covered persons and that are applicable to new and existing clients, high-risk individuals, politically exposed persons, transactions executed without the client’s physical presence, etc. In principle, requirements of due diligence apply:

• when the covered institution enters into business with the client and carries out an occasional transaction that amounts to €15,000 or more, or in cases where the transaction constitutes a transfer of funds exceeding €1,000;
• in the case of persons trading in goods, when carrying out occasional transactions in cash amounting to €10,000 or more, whether the transaction is carried out in a single operation or in several operations that appear to be linked;
• when there is a suspicion of money laundering or terrorist financing, regardless of any derogation, exemption or threshold;
• when there are doubts about the veracity or adequacy of previously obtained data for the certification and verification of the identity of the customer or the beneficial owner; and
• for electronic money or special prepaid instruments with a maximum payment transactions limit exceeding €150 in both cases.

Moreover, covered institutions must take all necessary actions to identify the client and the beneficial owner in relation to the executed transaction as well as to gather information on the economic background of the client.

Article 3, paragraph 17 of Law 4557/2018 defines the beneficial owner as the person in favour of whom the transaction is executed or the person in control of the entity or group of entities (directly or indirectly) in favour of which the transaction is executed. 

Do the AML rules applicable in your jurisdiction require that covered institutions and persons conduct risk-based analyses? Which high-risk categories are specified? What level of due diligence is expected in relation to customers assessed to be high risk?

Risk-based analyses are required when a transaction is connected to politically exposed persons or to their family members or close associates (article 18 of Law 4557/2018).

Politically exposed persons are natural persons to whom a significant public office had or has been appointed. These may include:

• heads of state, heads of government, ministers and deputy or assistant ministers;
• members of Parliament or of similar legislative bodies;
• members of the governing bodies of political parties;
• members of supreme courts, constitutional courts or other high-level judicial bodies whose decisions are not subject to further appeal, except in exceptional circumstances;
• members of courts of auditors;
• members of the board of directors of central banks;
• ambassadors and chargés d’affaires;
• high-ranking officers in the armed forces;
• members of the administrative, management or supervisory bodies of state-owned enterprises; and
• directors, deputy directors and members of the board or equivalent function of an international organisation.

Describe the record-keeping and reporting requirements for covered institutions and persons.

Any suspicious transaction must be reported immediately along with all relevant information to the Hellenic FIU. Regulated institutions usually fill a pre-drafted form of the reform (which has been issued by the regulating authorities), which is used to inform the FIU on the specifics of the suspicious transaction. 

Suspicious activity involves transactions that indicate that a money laundering offence has been committed or has been attempted or where there is sufficient indication that the transacting party is involved in other criminal activity. The assessment is based on the characteristics of the transaction, the background of the client and the history of the client's transactions. 

Describe any privacy laws that affect record-keeping requirements, due diligence efforts and information sharing.

Law enforcement agencies, regulators and the Hellenic FIU are not bound by privacy laws in relation to information falling into their powers and responsibilities by express legal provisions. Law enforcement agencies, such as the Financial and Economic Crime Unit and the FIU, may receive any information related to a person’s or entity’s banking and tax records. The Hellenic Capital Market Commission may obtain any information related to the regulated activities of the supervised entities. Some information, however, requires special authorisation to be obtained and reviewed (eg, correspondence and telecommunications). For the purposes of reporting and information sharing by covered institutions, there is no private information in relation to an agency’s request; for example, a bank is not bound by the rules of banking privacy when reporting on suspicious activities or sending data on requested transactions.

What is the range of outcomes in AML controversies? What are the possible sanctions for breach of AML laws?

Plea agreements are not customary under Greek legislation. However, through a series of amendments to the Criminal Code (to comply with obligations from international treaties and other instruments) in recent years, there is a provision for immunity or leniency in respect to money laundering related to corruption acts. By virtue of article 263A of the Criminal Code, charges against a defendant for bribery, corruption or money laundering may be suspended if he or she gives evidence of corrupt acts committed by members of the government. If charges cannot be brought against government or Parliament members (eg, because of limitation), then the person offering evidence is eligible for a lesser penalty. The court may even decide to suspend execution of the penalty.

Sanctions for money laundering depend on the severity of the act, the person committing the act (natural or legal), the type of predicate offence and related circumstances. In principle, sanctions against natural persons are imprisonment and a fine, while for businesses or legal entities, it is a fine with or without additional measures (eg, suspension of activities). If the predicate offence is a misdemeanour, the perpetrator of the money laundering act is punishable by imprisonment for at least one year (and up to five years). If the predicate offence is a felony, the basic sanction against natural persons is imprisonment (ranging from one to six years) and a fine ranging from €20,000 to €1 million. If the act is committed by an employee of the covered institutions or the predicate offence is related to passive or active bribery of a judge, it is punishable by imprisonment for five to 15 years (even if the predicate offence is a misdemeanour) and a fine ranging from between €30,000 and €1.5 million. If the act is committed by a person committing the acts repeatedly or his or her acts are related to organised crime activities, it is punishable by imprisonment for at least 10 years and up to 15 years, and a fine ranging from €50,000 to €2 million.

Omissions by employees of covered institutions (to report) or filing of inaccurate information is a misdemeanour, punishable by imprisonment for up to two years.

However, according to the Criminal Code, sentences of up to five years are usually converted into fines and may be suspended for first-time offenders.

Sanctions against businesses or entities are mainly fines (depending on the characteristics of the act) and may be divided into two different categories: covered institutions (eg, banking and finance institutions and companies listed in the stock exchange market) and other businesses.

For the first category (covered institutions), sanctions are stricter and are as follows:

1. an administrative fine ranging from €50,000 up to €10 million, which is always applicable;
2. suspension of activities temporarily or permanently;
3. prohibition of certain activities to be performed by the company or the establishment of branches; and
4. a ban from public tenders, subsidies, etc.

Measures (2), (3) and (4) may be imposed for a period of one month to two years. Sanctions are imposed by the competent authorities as classified in article 6 and can be imposed consecutively or concurrently.

If the legal entity is a covered institution, the penalties are imposed by virtue of a decision by the competent regulatory authority. In all other cases the fine is imposed by a decision of the Supervisor of the Financial and Economic Crime Unit. All of the above-mentioned sanctions apply to cases where acts of money laundering were committed in favour of the legal entity or for the purposes of gaining profits by a natural person with the power to represent the company or who has a managing or supervising role or is responsible for the company’s internal audits.

Regulatory authorities (depending on the legal entity) may also impose administrative fines for non-compliance to administrative regulations (eg, non-compliance with the legal framework for corporate governance) in the above range. These fines are different and independent from the fines in the context of criminal proceedings.

If the above-mentioned natural persons fail to supervise or effectively control lower-ranking employees of an entity, thus enabling them to engage in money laundering acts resulting in profit-gaining for the legal entity, sanctions against the legal entity are (accumulatively or alternatively) an administrative fine ranging from €10,000 to €5 million and the above-mentioned measures (2) to (4) for up to one year.

What are the limitation periods governing AML matters?

The legal classification of the money laundering act as a misdemeanour or felony determines the limitation period, which commences at the time of commission of the act. In particular, the limitation period for misdemeanours is five years, which may be suspended for an additional three years provided that the person in question has been indicted in court (therefore extending the total limitation period to eight years). For felonies, the limitation period is 15 years, which may be suspended for an additional five years provided that the person in question has been indicted in court (therefore extending the total limitation period to 20 years).

Do your jurisdiction’s AML laws have extraterritorial reach?

Anti-money laundering laws cover institutions and individuals who are located or are active in Greece. However, in cases where the predicate offence was committed abroad and its profits were laundered in Greece, Greek anti-money laundering laws are applicable provided that the principle of dual criminality applies in respect of the predicate offence. Greek citizens will also be prosecuted for acts of money laundering committed abroad provided that dual criminality applies (ie, the act of money laundering constitutes an offence and is punishable both in Greece and abroad).