The decision, published in the official Government Gazette, updates the core regulatory framework introduced in 2019 and marks a substantive tightening of rules governing both the protection of customer funds and the participation of fintech companies in payment infrastructures.
Rather than introducing purely technical refinements, the new framework reshapes key operational requirements, particularly in relation to how customer funds are safeguarded in practice. Payment institutions that hold client money for the execution of transfers or other payment services are no longer permitted to place those funds in just any bank account. They must now deposit them with a credit institution operating either in Greece or elsewhere in the European Economic Area, provided there is no relationship of affiliation or control between the two entities. Where institutions opt to invest customer funds instead, those investments are restricted to low-risk, highly liquid instruments, such as government securities, which must be held in a dedicated custody account that is fully segregated from the firm’s own investment portfolio.
The Bank of Greece has also placed strong emphasis on transparency and internal governance. Fintech firms are required to document their internal safeguarding procedures in detail, including which staff members have access to protected accounts, the scope of their responsibilities, and the controls in place to ensure that customer funds remain ring-fenced even in the event of insolvency. In practice, this obliges institutions that previously relied on high-level descriptions to submit concrete documentation, such as agreements with banks, formal compliance declarations and clearly defined investment policies.
Comparable standards apply to institutions that choose to safeguard funds through insurance or other guarantees. An electronic money institution using an insurance policy must demonstrate that the insurer is not part of the same corporate group, that the policy is renewed without interruption and that coverage levels are continuously sufficient to meet outstanding obligations to customers.
The decision also introduces a more structured approval process for access to recognised payment systems, including interbank clearing arrangements. Payment institutions seeking direct participation must now obtain prior approval from the Bank of Greece, supported by a self-assessment report addressing issues such as internal controls, fund safeguarding and contingency planning in the event of failure. The central bank has up to three months to reach a decision and may request additional information where necessary.
Finally, the updated framework brings internal governance requirements into line with the latest guidelines issued by the European Banking Authority. This entails more detailed organisational structures and clearer allocation of responsibilities, not only for payment and electronic money institutions but also for other supervised entities, such as foreign exchange bureaus and microfinance providers.
