GREECE Trends and Developments Contributed by: Paris Tzoumas, Zepos & Yannopoulos
Under the new framework, credit institutions established in Greece, as well as leasing com - panies, factoring companies, credit companies and financing institutions, must provide for cred - it purchasers all necessary information on the receivables and their collateral prior to the sale to the credit purchasers of the loan receivables so that they can assess their credit risk on an informed basis. The form of this information is further specified by Commission Implementing Regulation (EU) 2023/2083. Finally, all servicers and credit purchasers must to provide borrowers with information on the sale of their loans, the contact details of the credit purchaser and details on the loan status (outstanding principal, interest and interest rate) on a regular and ad hoc basis. To this end, ser - vicers were required to develop and have since developed an e-platform with loan data to which borrowers must have direct access. DORA Regulation (EU) 2022/2554 (Digital Operational Resilience Act, DORA) will apply from 17 January 2025, but credit and other financial institutions falling within the scope of its application have started their preparations already. Through the creation of a unified regulatory framework, DORA aims to boost credit and oth - er institutions’ resilience against cyber threats through the implementation of stringent cyber - security measures, regular risk assessments, the reporting of cyber incidents to the relevant authorities, and by addressing operational fail - ures and IT disruptions. The key pillars of DORA that should be observed by credit institutions include the following:
(a) establishing an Information and Com - munication Technology (ICT) risk manage - ment framework by adopting policies, procedures and tools to identify potential ICT threats and protect their digital and physical infrastructure, detect incidents in a timely manner and respond effectively; (b) making corporate governance modifica - tions to ensure that their management have ultimate responsibility for handling ICT risks and for defining roles, govern - ance structures, communicating with ICT functions, reviewing ICT audits and allocating the budget; (c) setting up a digital operational resilience testing programme, with the tests to be carried out independent parties (at least annually for critical functions); (d) reporting of major ICT-related incidents through the use of templates to the com - petent regulatory authorities; and (e) establishing the policies and require - ments for the outsourcing of services to ICT third-party service providers. DLT Greek Law 5113/2024, also known as the Dis - tributed Ledger Technology (DLT) Securities Law, has supplemented Regulation (EU) 2022/858 (DLT Pilot Regulation). It amends, among other things, the definition of financial instruments in Law 4514/2018 (transposing MiFID II in Greece) to include instruments issued by means of DLT and clarifies that all laws and regulations applica - ble to transferable securities will equally apply to DLT transferable securities. The new law aligns Greek corporate and securities regulations with the evolving digital landscape, emphasising technological neutrality while boosting opera - tional efficiency.
238 CHAMBERS.COM
Powered by FlippingBook