Anti-Money Laundering (AML) in Greece

As a member of the European Union as well as the Eurozone, Greece plays an important role in the global financial space. In order to secure its economy and its international reputation, the country has significantly developed a more comprehensive framework for anti-money laundering (AML) and countering the financing of terrorism (CFT). With the help of EU directives and aligned with the Financial Action Task Force (FATF) standards, Greeceʼs AML system tackles financial crime risks across high-exposure sectors such as shipping, tourism, real estate, and digital assets.

Greeceʼs AML Legal Framework

Greeceʼs AML system is based on both domestic legislation and EU regulations. With both of these combined, they form s strict and meticulous legal basis for identifying, preventing, and money laundering and terrorist financing.

• Law 4557/2018: The legislative is the foundation of Greeceʼs AML system, which converts the EUʼs 4th AML Directive into national law
• Laws 4734/2020 and 4990/2022: These laws introduce the updates from the 5th and 6th AML directives, in which they expanded the coverage to areas like virtual assets and beneficial ownership
• EU Regulation 2015/847: This regulation ensures that wire transfers are trackable within and outside the EU. This helps strengthen cross-border transaction transparency.
• Greek Penal Code, Article 2: This code lays a comprehensive definition of what money laundering offenders are and establishes the legal foundation for criminal punishments.

Greeceʼs AML efforts are closely monitored by the European Banking Authority (EBA) and it is also subject to regular evaluation by MONEYVAL, which is the Council of Europe AML regulatory authority.

Key AML Regulatory Authorities in Greece

 Several national regulatory authorities collaborate to enforce AML obligations, and each of them focuses on a specific issue of the financial system

1. Hellenic Capital Market Commission (HCMC)

HCMC is responsible for overseeing securities firms, investment companies, and crypto asset service providers, also known as CASPs. This regulatory body enforces compliance through the implementation of identity verification, transaction monitoring, and transparency measures to protect capital markets from illicit financial activity.

2. Bank of Greece (BoG)

BoG is responsible for regulating banks, credit institutions, service providers (PSPs), and e-money institutions and entities. They control and implement a risk-based approach to AML, which requires real-time monitoring and reporting of suspicious activity to ensure financial system resilience.

3. Hellenic FIU (Authority for Anti-Money Laundering)

Hellenic FIU plays as the national center for receiving analyzing, and diminishing Suspicious Transaction Reports (STRs). The FIU provides intelligence to law enforcement as well as national authorities, which is a significant tool in unraveling complex financial crime networks.

4. Ministry of Finance

The Ministry of Finance is responsible for aligning AML policy with the EU directive and FATF guidelines. This is done through strategic planning and regulatory developments, the Ministry molds Greeceʼs long-term AML system and supports the economic stability of the country through regulatory integrity.

AML Requirements and Obligations in Greece

All obligated entities, which include financial institutions, crypto firms, and designated nonfinancial businesses and professions (DNFBPs), are required to comply with the wide range of AML obligations. These include:

1. Core Obligations for All Businesses

All regulated entities are responsible for verifying the identity of their clients because this ensures the accuracy and validity of personal and business information. Customer Due Diligence (CDD): Organizations need to verify all of their customers’ identities to make sure that their personal and business information is correct and current. It involves evaluating the risk profile of each client and transaction depending on factors that include geographic location, transaction type, and industry risk.

2. Enhanced Due Diligence (EDD):

High-risk clients, which include Politically Exposed Persons (PEPs) or individuals who are operating in countries with weak AML oversight, are required to undergo extra scrutiny. EDD regulatory measures include detailed background checks, obtaining approval from senior management, as well as close ongoing monitoring. All of these steps help institutions detect and respond to increased risks promptly.

3. Sanctions Screening:

All clients and transactions are required to be screened against sanction lists, which are maintained by the EU, United Nations, OFAC, and Greek authorities. Doing so ensures businesses do not encounter or even engage with sanctioned individuals or entities. Comprehensive records of all screenings are required to be retained and stored for potential audits as well as regulatory review purposes.

4. Suspicious Transaction Reporting:

Entities are also required to report any transaction that is seen as unusual or suspicious relating to the customerʼs known behavior, regardless of the amount of the transaction. Suspicious transactions may include sudden large transactions, unexplained changes in transaction behavior or patterns, and activities where the source of funds is uncertain. Reporting these transactions promptly to the Hellenic FIU is important to intervene in potential money laundering activities at early stages.

5. Retention of Records:

Businesses are obligated to maintain the documents of the customersʼ identities, which include transaction logs and any submitted reports, for a minimum of five years. These records are required to be organized and also easily accessible for potential regulatory inspections and investigations, which ensures long-term traceability and accountability.

6. Internal Controls:

Organizations and entities are required to utilize strong internal compliance mechanisms. These media include appointing an AML compliance officer who is responsible for conducting regular employee training and establishing internal audit procedures. These steps encourage strong compliance and also ensure active risk management across the operations of businesses.

Non-compliance with all of these core requirements and obligations could lead to severe consequences, which include financial penalties, suspension of business activities, and even legal actions.

AML Rules for Financial Institutions

Greek financial institutions are more likely to be subjected to stricter AML requirements, which are overseen by the BoG and the EBA. These institutions are required to comply with a Risk-based Approach (RBA) to manage both existing and potential threats.

Key Focus Areas

Real-Time Transaction Monitoring:

Banks as well as other financial institutions are obligated to employ automated systems that are capable of identifying suspicious transactions as they happen, specifically those that exceed €10,000. Real-time monitoring allows the early detection of suspicious transactions and ensures the smooth intervention of potential risks.

Cross-Border Risk Management:

Because of Greeceʼs geographic closeness to high-risk jurisdictions such as Turkey, Cyprus, and parts of the Balkans, financial entities are required to utilize increased due diligence on international transactions. These cross-border activities are overseen through documentation, customer profiling, and enhanced oversight.

Anti-Fraud Systems:

Utilization of advanced AML technology is important in order to support ongoing compliance. These systems are required to operate under sanctions screening, utilize automated PEP checks, and ensure full alignment with global regulatory frameworks. Applying all of these tools helps institutions increase their strength in defending their operation against fraud and financial misuse.

According to the Bank of Greeceʼs 2024 Annual Report, over 1,300 suspicious transaction Reports ‘STRs) were submitted and filed, with many of these related to high-value real estate and crypto-related transactions.

AML Compliance for DNFBPs

Designated Non-Financial Businesses and Professions (DNFBPs)

Certain non-financial sectors in Greece are usually vulnerable and subject to money laundering. Hence, they are also subject to AML obligations, which include:

• Real Estate Agents:

High-risk because of large cash inflows and foreign investors, especially in urban as well as tourist markets.

• Casinos and Gambling Operators:

Both of these are required to implement CDD protocols and are responsible for monitoring irregular betting patterns across physical and online platforms.

• Luxury Goods and Jewelry Retailers:

They are required to verify their customersʼ identities in high-value transactions, specifically those who are involved in watches, precious metals, and rare collectibles.

Regulating Cryptocurrency and Virtual Assets:

Cryptocurrency is consistently evolving fast as a sector in GFreeceʼs AML space. Ever since the adoption of Law e4733 in 2020, which utilizes the EUʼs5thh 5th AM Directive, Regulatory authorities in Greece have been focusing on enforcing compliance within this high-risk area.

Compliance Requirements for Crypto Asset Service Providers (CASPs)

• Mandatory Registration: All CAPS are required to be registered with the Hellenic Capital Market Commission (HCMC) to operate legally within the jurisdiction.
• KYC Protocols: Firms are also obligated to apply a strong Know Your Customer (KYC) protocol alongside EDD measures before wallet activations.
• Blockchain Monitoring: CASPS are required to screen all wallet addresses against global sanctions as well as regulatory watchlists, regularly

Tools like Sanction Scanner help crypto firms automate key compliance functions, such examples are blockchain transaction monitoring, real-time STR reports, and negative media exposure screening. These tools help reduce risks in operation and also enhance regulatory alignment.

Non-Compliance Penalties

Greece enacts a strict set of penalties for violating AML regulations, which showcases the seriousness and the jurisdictionʼs commitment to its financial transparency and integrity

• Failure to File an STR: Can result in charges up to €1,000,000 for each unreported incident.
• Repeated and Multiple Breaches: Can lead to license suspension or full business shutdown, especially for a financial institution.
• Case Study: In 2023, a very well-known Greek investment firm was charged €450,000 because of its failure to comply with proper PEP screening, on top of igniting the EDD requirement.

Major Money Laundering Cases in Greece

Regardless of the regulatory process, Greece has encountered multiple high-profile money laundering cases over the past two decades. These cases commonly involve sectors such as shipping, real estate, politics, and banking. The table below summarizes some indicator cases that showcase constant vulnerabilities as well as the government's enforcement actions.

High-Profile Money Laundering Cases in Greece