In order to prevent financial crimes such as money laundering, terrorist financing, and fraud, Greece enforces a strict and meticulous Know Your Customer (KYC) framework. Whether you are operating a bank, cryptocurrency exchange, or another regulated entity, compliance with KYC obligations is important in order to maintain legal and reputational integrity.
This blog provides an updated 2025 outline of Greece's KYC regulations, key legal measures, and practical steps for entities and individuals seeking to remain consistently compliant.
What is KYC?
Know Your Customer (KYC) is the process by which institutions verify the identity and background of their clients. The ultimate goals are to ensure transparency, prevent risks, and confirm that none of their customers are involved in illicit financial activities. In Greece, KYC compliance is a foundation of the Anti-Money Laundering (AML) framework. Institutions are strictly required to apply a risk-based approach as well as ongoing due diligence.
By implementing an effective KYC system, financial service providers and institutions are not only meeting regulatory expectations but also strengthening trust in their operations and securing the financial system.
KYC Requirements in Greece
Greece's KYC regulations are closely aligned with the European Union's AML Directives (AMLD), especially the 4th, 5th, and 6th AMLD. The current legal framework includes:
- Law 4557/2018: Implements the 4th AML Directive and establishes the general AML and Counter-Terrorist Financing (CTF) obligations, as well as CDD and reporting requirements
- Law 4734/2020 & Law 4990/2022: Implement the 5th and 6th AMLDs, which introduce enhanced due diligence, beneficial ownership transparency, and criminal charges for money laundering
- EU Joint Guidelines (EBA/ESMA/EIOPA): Set out standards for customer due diligence (CDD) across the EU, including guidance on risk factors, monitoring practices, and third-party reliance
Core KYC Components in Greece
KYC compliance in Greece involves several steps to ensure proper identification, risk assessment, and monitoring of clients.
1. Customer Identification
This process includes gathering key personal information of the client, such as full name, residential address, date of birth, ID/passport number, and contact details. This establishes the foundation for building and verifying a reliable customer profile.
2. Document Verification
This step authenticates the customer-provided details using valid documents, which include national IDs, passports, tax numbers, or utility bills. Proper verification helps confirm the customer's identity and prevent fraud.
3. Risk Profiling
Next, evaluate the level of customer risk based on factors such as transaction behavior, country of residence, and business activity. Clients are typically categorized as low, medium, or high risk. This categorization helps institutions tailor due diligence accordingly.
4. PEP Screening
Check whether the customer or any Ultimate Beneficial Owner (UBO) is a Politically Exposed Person (PEP). Because of their high exposure to corruption risks, PEPs are subject to enhanced scrutiny under AML regulations.
5. Sanctions Screening
Sanctions screening is the process of cross-checking customer and UBO names against sanctions lists issued by the EU, UN, Office of Foreign Assets Control (OFAC), and Greek authorities. Through this process, institutions ensure compliance and protect against dealings that could be linked to restricted individuals or entities.
6. UBO Identification
UBO identification applies to corporate clients and requires identifying the individuals who ultimately control or benefit from the entity. Use official records such as the Greek Business Registry to verify the ownership structure and maintain transparency.
7. Ongoing Monitoring
Ongoing monitoring is the process by which institutions consistently track customer transactions to flag abnormal or suspicious transaction behavior. This requires regularly updating risk assessments and customer records, especially for high-risk clients.
Customer Due Diligence (CDD) Levels
Institutions in Greece are strictly required to apply different levels of CDD, which depend on the customer risk profile and the overall status of the relationship.
CDD Type | When It Applies | Examples |
Simplified CDD | Low-risk clients with small transactions. | Public sector bill payments, utility clients. |
Standard CDD | The baseline requirement for most customers. | Opening bank accounts and onboarding insurance policyholders. |
Enhanced Due Diligence | For high-risk clients, such as PEPs or non-EU residents. | Real estate transactions involving parties from sanctioned countries. |
Enhanced Due Diligence (EDD) applies an expanded level of scrutiny to higher-risk customers. This involves collecting additional supporting documents, verifying the source of funds, and applying heightened transaction monitoring to ensure legitimacy and prevent AML risks.
Regulatory Authorities Overseeing KYC in Greece
Multiple regulatory authorities are responsible for overseeing KYC compliance across different sectors in Greece.
Regulator | Supervised Entities |
Bank of Greece (BoG) | For banks and financial institutions, such as credit institutions and payment service providers |
Hellenic Capital Market Commission (HCMC) | For crypto and securities markets |
Hellenic Financial Intelligence Unit (FIU) | For reporting and investigations of suspicious transactions |
Failure to comply can result in serious consequences. In 2024, the Bank of Greece fined two financial institutions €280,000 each for onboarding customers without properly identifying ultimate beneficial owners (UBOs).
KYC in Practice for Banks and Financial Institutions
Banks and financial entities in Greece are legally obligated to implement strong KYC controls. Key measures include:
- Digital Identity Verification
The use of biometric data and video-based verification tools has become standard practice. These tools enhance the accuracy of the onboarding process, reduce identity fraud, and support regulatory compliance.
- Daily Screening
Consistent screening against updated PEP and sanctions lists ensures that no high-risk individuals are missed. This protects financial institutions from mistakenly engaging with restricted parties.
- Data Retention
Institutions are responsible for storing all KYC-related records for a minimum of five years, in line with both Greek and EU requirements. This supports future audits, investigations, or regulatory reviews.
- Compliance Audits
Regular internal audits help detect errors and threats in KYC implementation. Any errors or incomplete or suspicious activities must be reported to the Hellenic FIU to maintain compliance and avoid penalties.
KYC in the Greek Crypto Sector
Greece's fast-growing crypto sector brings both innovation and complexity, highlighting AML risks, and regulators have strengthened KYC obligations for Crypto Asset Service Providers (CASPs).
Registration Requirement
All CASPs must register with the HCMC before they start operating. Registration supports transparency and accountability across the crypto industry and establishes proper oversight in line with regulatory expectations.
Onboarding Verification
Crypto firms are strictly required to verify customer identities using methods such as video identification or biometric authentication. These measures prevent identity fraud and ensure alignment with standards.
Transaction Monitoring
Monitoring user activity for suspicious behavior is important. The risk indicators include:
- Use of mixers or tumblers
- High-volume or rapid transactions across platforms
- Transactions that involve high-risk jurisdictions
Firms can prevent these risks by using Sanction Scanner's Blockchain Monitoring Tool, which offers real-time insights into transaction behavior and potential illicit activity. This improves regulatory compliance and operational efficiency.
How Can Sanction Scanner Help You with KYC?
At Sanction Scanner, we provide an end-to-end KYC compliance platform designed to support institutions across sectors such as banking, fintech, crypto, legal, and insurance.
Global Sanctions and PEP Screening
We can instantly screen customers against thousands of databases, which include OFAC, UN, EU, HMT, and Interpol, as well as over 3,000 PEP databases worldwide, all of which are updated regularly.
Adverse Media Screening
We detect reputational risks and criminal associations using AI-powered scanning of global and local news sources for negative media mentions.
Customer Risk Scoring
We automatically assign and categorize risk levels (low, medium, or high) based on factors such as geography, job role, transaction patterns, and provided KYC data.
Real-Time API & Batch Screening
Integrate screening into your operational systems with real-time APIs, or upload bulk data via CSV to conduct onboarding checks and regular reviews.
FAQs
The primary law is AML Law 4557/2018, which aligns with the EU’s 4th and 5th AML Directives.
Banks, fintechs, insurance firms, auditors, and other obliged entities must implement KYC procedures.
Full name, address, official ID, source of funds, and purpose of the business relationship are typically required.
Yes, remote onboarding and digital verification are allowed under specific conditions.
Customer information must be kept up to date based on risk level, with periodic reviews.
Yes, Greece follows EU AML frameworks and updates its laws accordingly.
Non-compliance can result in administrative fines, license suspension, or criminal liability.
Yes, financial institutions must conduct continuous monitoring of transactions and customer profiles.