Author: admin

The investment volume curve concerning Serbia’s capital markets and trading on the Belgrade Stock Exchange is on a downward trajectory as of the end of the second round of mass privatizations and the start of the 2008-2009 economic crisis.

Even at its peak, Serbia’s capital market and trading volumes were rather underdeveloped and insignificant in comparison to the ones in the EU.

In order to U-turn the current situation, the Ministry of Finance, together with the World Bank, has started the Catalyzing Long Term Finance Through Capital Markets Project (Project). The World Bank granted a EUR 27.7 million loan to support Serbia in developing its corporate bond market and enhancing the participation of the private sector in financing investments.

The Project, which started this year and is intended to be in place for three years, aims to facilitate the issuance of bonds solely by privately-owned Serbian companies with a positive financial track record in recent years.

On the Project

The three main phases of the Project are the following: Phase 1 – application by the interested issuer and confirmation of its eligibility by both the ministry and the World Bank; Phase 2 – due diligence over the issuer by both legal and financial experts proposed by the issuer (legal and financial experts are to be selected by the issuer from the list of experts that qualified under the Project – MMD Advokati being one of the chosen legal experts); and Phase 3 – preparatory actions for and issuance of bonds.

Other key details include:

Interest – to be determined at a later stage and will differ from issuer to issuer. The interest is initially set by the issuer themselves together with the financial advisor, but it can be adjusted depending on the situation of the market.

Bond issuance – there is no strict minimum or maximum amount of bond issuances per issuer, however, some EUR 3 million are considered the lowest acceptable bond issuance. 

Bond type – there are no restrictions. Bonds may be plain vanilla, green, coupon, thematic, etc.

On Issuers

So far, the response and interest of issuers is at an enviable level. This is rather expected as this allows issuers to avoid banks’ financing. At the same time, the criteria and conditions of the Project are rather flexible and favorable for potential issuers. As an example, the issuer has no obligation to have a specific purpose/project for which bonds are issued (although it is recommendable as this will ease attracting investors). At the same time, the entire cost of legal and financial due diligence and of the credit rating agency is covered by the ministry. The only cost to be borne by the issuer is 20-25% of the amount and expenses in the issuance process itself if the issuance is successful, though even this cost does not apply if the issuer is fully owned by women. Furthermore, the issuers see entry in the Project as a step closer to an eventual IPO.

The first issuance of bonds under the Project is expected at the very beginning of 2025 and the first issuer is expected to be one of the largest and most reputable privately-owned companies in Serbia.

On Investors

The ministry will fully support eligible issuers and will organize roadshows in Serbia and the region in order to present the Project and attract both domestic and foreign investors (like the EBRD and other IFIs).

In the process of attracting investors, the ministry is considering further tax incentives which would make the whole scheme even more attractive. 

Outcome Prediction

This may not be the first attempt of the Serbian government to change the climate of the capital market and make it attractive but it is certainly the most serious and dedicated one. The initial conditions – the full backing of the World Bank and a positive climate on the worldwide capital markets – are met. Thus, the success remains dependable only on the sufficient number of reputable issuers and, later on, the full coverage of issued bonds by credible investors.

Ultimately, the success will highly depend on the outcome of the first couple of bond issuances under the Project. If these go well and smoothly and the emissions are looted, this will be a boost for other reputable companies to join the Project and the spiral of success would be in place.

By Rastko Malisic, Partner, MMD Advokati

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The inherent volatility of the financial market offers many opportunities but also poses significant risks. Following the 2007-2008 financial crisis, legislators in the European Union struggled to contain the non-performing exposure (NPE) cycle through legislative action.

As the next crisis loomed over the market as a result of COVID-19, the European Commission took decisive action and issued an NPE-related communication – COM (2020) 822 Final (NPE Action Plan) – which tackled non-performing loans in the aftermath of the pandemic. From the NPE Action Plan, Directive (EU) 2021/2167 of the European Parliament and of the Council of 24 November 2021 on credit servicers and credit purchasers and amending Directives 2008/48/EC and 2014/17/EU (NPL Directive) emerged.

Overview of the NPL Directive

The NPL Directive aims to employ solutions that reduce the risks associated with non-performing loans (NPLs) on banks’ balance sheets and prevent their future accumulation. The NPL Directive is primarily concerned with the supervision of credit servicing companies, the introduction of unified rules for obtaining authorization to operate, and the maintenance of a publicly accessible list of licensed credit servicing companies. It also establishes transparent rules for credit servicers’ contact with borrowers and for conducting cross-border credit servicing activities.

Implementation in Poland

While the NPL Directive has not yet been implemented into the Polish legal system, a draft law of the Act on Credit Servicers and Credit Purchasers (Draft NPL Act) is currently pending in the Polish legislative process.

The Draft NPL Act establishes strict requirements for obtaining a license that permits credit servicing. It also establishes a register of credit servicing entities kept and supervised by the Polish Financial Supervision Authority (KNF) and introduces internal procedure and policy requirements for credit servicing entities, including risk assessment and management systems, borrower rights protection procedures, borrower financial assessment, and anti-money laundering procedures.

Additionally, the Draft NPL Act introduces a framework for credit servicing agreements by setting out obligatory contractual provisions, aimed at protecting the interests and rights of borrowers and credit purchasers.

Lastly, the Draft NPL Act positions the KNF as the primary authority overseeing credit servicing activities. It grants the KNF powers such as requiring changes to credit servicing entities’ policies and procedures, amending or terminating credit servicing agreements if found non-compliant with the Draft NPL Act, imposing fines, and even revoking credit servicing agreement licenses with immediate effect.

Potential Impact of the Draft NPL Act

While the Draft NPL Act provides for a robust regulatory framework, smaller financial entities may face issues adapting to these stringent regulations. For such institutions, compliance with the Draft NPL Act in its current form can prove costly both in terms of resources and financials considering the administrative and operational costs required to adhere to the regulation.

Furthermore, smaller entities might face a disproportionally greater challenge adhering to procedural requirements, potentially leading to market exits. This could limit competition and foster a less accessible secondary NPL market dominated by larger entities better prepared to handle regulatory pressure.

Emerging Opportunities in Poland

The rules and obligations introduced in the Draft NPL Act, such as increased borrower protection and regulatory clarity and oversight, can potentially make the growing secondary NPL market in Poland a more viable and stable option, even in times of economic downturn and uncertainty. This has the potential to attract new investors to the market.

Furthermore, the provisions of the Draft NPL Act stipulating increased supervision, such as risk assessment, borrower financial evaluation, anti-money laundering protocols, and other supervisory actions that can be taken by the KNF, will contribute not only to market fairness but also to market security. By addressing these systemic vulnerabilities, Polish banks will be better prepared to counteract future crises.

Once enacted, the Draft NPL Act will undeniably impact the market. If financial institutions and credit servicing entities are prepared for it, new opportunities for entry into the secondary NPL market will emerge. It will also pave the way for a robust, equitable secondary NPL market in Poland, provided that the balance between regulatory guidance and market adaptability can be maintained.

By Weronika Kapica, Partner, and Milosz Zolich, Student, Schoenherr

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Slovenia’s financing landscape over the past couple of years has been characterized by the expansion and consolidation efforts of Hungary’s OTP banking group, resulting in the market being headed by two comparably large institutional players: NLB and OTP. In fact, consolidation in the banking sector could have easily been the talk of the year had it not been for the increased financing costs fueled by relatively high interest rates combined with volatile energy prices that have been causing headaches for the economy on all levels.

Now that base rates and bank margins are dropping (as a result, banks’ profitability, that has been high, will also drop) and energy prices seem to have stabilized to a certain extent (or we might simply be getting used to the new reality), it will be interesting to see how the market situation will pan out. Will the two Goliaths dominate the floor, or will the other smaller players show some David-esque aspirations? Since most Slovenian banks are stable and highly liquid, this could probably be attempted by introducing newer products or innovative business approaches.

Foreign banks – be it Austrian banks who have their long-lasting presence via their affiliates or engage in cross-border financing or Polish banks who provide acquisition financing – have also played a relevant role and have contributed to the diversity of financial products available.

In any case, banks have been and will likely remain the primary source of financing for businesses, although other sources of financing – at various levels of maturity – are also available.

For example, venture capital investments in Slovenia have not yet become a widespread phenomenon. Start-up support platforms and entrepreneurial incubators are generally in place, but the scope of VC financing and investments is still very low. Similarly, crowdfunding or peer-to-peer lending platforms are trying to gain some traction by offering options for start-ups and SMEs that may struggle to access bank loans or venture capital, but they are still toddlers compared to their counterparts in other jurisdictions.

In contrast, private equity activity is emerging as a significant component of Slovenia’s capital market and financing environment. A few larger players have been present for quite some time now, but several new alternative investment funds have been established in the last year or are being put in place. More are likely to come. Notably, these AIFs are all targeting professional or qualified investors and none of them is specifically aimed at individuals and consumers. Bond or commercial notes placements are also not entirely foreign to the Slovenian market.

On a smaller scale, we have seen one different approach – a public bond issue attempted by a real estate developer aimed also at small investors – but the initial offer was not successful. It seems that the market was not yet ready for such a type of investment and the general public is not yet suitably educated on the concept.

Thus, we hope to see more activity in the direction of consumer-oriented funds, specifically from the larger fund managers, who have both the needed infrastructure in place and also have the knowledge and manpower to tackle the logistics and the regulatory framework.

Education of the wider population in this direction would, in my opinion, also be highly desirable as we need to evolve from the most “traditional” long-term investment (or saving) strategy of individuals – purchasing and renting out one or two residential units. The price of real estate is already ridiculously high and the market will not sustain this approach for much longer.

Toward this, the Slovenian government needs to step up and play a more instrumental role in shaping the financing landscape in 2025 and years to come. Indeed, various initiatives aimed at boosting investment in innovation, research and development, and sustainable projects are put in place, but a sustainable housing policy and investment literacy should also be at the forefront of their goals.

By Blaz Ogorevc, Partner, Selih & Partners

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Aiming to protect consumers from potentially excessive interest rates applied by Romanian non-bank financial institutions (NBFI) and to ensure increased transparency in loan claim assignments, in November 2024, Romania enacted Law 243/2024 on consumer protection regarding the total cost of credit and assignment of claims (Law 243/2024). 

Long debated, this new piece of legislation has undergone significant changes since its draft was first published in February 2022, when it was intended to apply to all types of creditors, including credit institutions. It also faced criticism for alleged constitutional breaches but was found constitutional in August 2024.

Law 243/2024 became applicable on November 11, 2024, giving the market some time to adapt, especially regarding the limitations it imposed on credit costs and interest rates applied by NBFIs.

Interest and Credit Costs Limitation

For consumer mortgage loans granted by NBFIs for real estate investments, the effective annual interest rate (EAR) cannot exceed the interest rate on the lending facility applied by the National Bank of Romania (NBR) on the domestic finance/banking market by more than eight percentage points.

For consumer loans granted by NBFIs, the EAR cannot exceed the NBR’s interest rate on the lending facility by more than 27 percentage points. Exceptionally, in the case of lower-value consumer loans of up to RON 25,000 (approximately EUR 5,000), specific limits have been imposed on the total cost of credit, while the total amount payable by the consumer cannot exceed double the value of the principal.

Impact on Ongoing Loans Granted by NBFIs

The newly introduced limitations apply to ongoing loans granted by NBFIs, which are loans active on the enactment date of Law 243/2024 that have reached maturity and that have delays in payment of no more than 60 days. Consumer loans that are qualified as non-performing under Romanian legislation are excluded from the scope of this law.

Consumers may request a revision of their ongoing loan agreements if the cost limits are exceeded and may seek judicial intervention if necessary.

Once a request for adaptation has been received by an NBFI from a consumer, the creditor has 30 days to revert with a proposal to adjust the contract (by partial reduction and/or write-off of the debt, refinancing, etc.), taking into consideration the financial situation of and the maximum indebtedness level applicable to the debtor.

If the NBFI refuses or fails to respond within 45 days, the consumer may file a court action to obtain the adaptation of the loan agreement.

Impact on Loans Assigned to Third Parties

Loan claims assigned and/or otherwise outsourced by credit institutions to third parties may also be subject to requests for adaptation by consumers. This possibility may create uncertainties in secondary debt trading, where consumer-protection-related risks are particularly important.

Additionally, for claim assignments concluded on or after November 11, 2024, debt recovery entities acting as assignees may only collect from the debtor a total amount (including any expenses related to the recovery of the receivables) that does not exceed the claim certified by the creditor at the date the assignment agreement was concluded.

However, these limitations should not significantly impact the recovery potential of debt recovery entities, as they were already restricted in terms of the interest they can collect. In any case, collection up to the total face value of the receivable seems to be less frequent in the case of assignment of non-performing loans.

Practical Implications for NBFIs and Debt Recovery Entities

According to public information, some of the largest NBFIs in Romania are already implementing voluntary measures and adaptation programs for all ongoing loans, aiming at ensuring compliance with Law 243/2024. It is yet to be seen how these voluntary measures will be received by the impacted consumers and the National Consumer Protection Authority.

The new limitations introduced for debt recovery entities add up to existing restrictions applicable under the consumer protection legislation, with a view to further limiting the maximum amounts these entities may charge and/or collect from consumers.

In addition, the new transparency obligations requiring assignors to provide consumers with supporting documentation related to the assigned claim will likely add further burdens to the assignment notification process.

By Matei Florea, Partner, and Valeria Stropsa, Senior Attorney at Law, Schoenherr

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Private equity funds have become an increasingly popular investment vehicle in Hungary since the late 2010s, currently, the register of the National Bank of Hungary shows more than 165 private equity funds registered in Hungary. Although the availability of specific statistics is limited, based on the partial data, it can be estimated that the total assets of Hungarian private equity funds are roughly around HUF 3 trillion, i.e., close to 4% of the nominal GDP of Hungary.

A well-known key feature of this type of investment entity is that the investors enjoy a relatively high level of privacy, deriving from the long-debated concept of secrecy of investments. The level of such secrecy was traditionally higher in some jurisdictions while very limited in others. The exact level of privacy in Hungary, especially regarding the main investment unit holders, was initially in the grey zone of legislation.

During the years of the sudden proliferation of private equity funds, this ambiguity caused headaches for many bank officers responsible for anti-money laundering (AML), customer due diligence, and sanctions screening. The concerns were aggravated by the suspicion that in a large part of private equity funds, the fund manager’s role appeared to be formal, suggesting that the investor who apparently controlled the investment decisions – based on the investment policy or on informal grounds – selected this type of investment tool essentially because of the increased privacy level comparing to those applicable in the case of ordinary company shareholdings.

The practices of banks, who are primarily responsible for sending their clients’ ultimate beneficial owner (UBO) data to the central UBO register, were very divergent in 2021-2022. So much so that, after the launch of the Hungarian central UBO register in 2022, in the case of some private equity funds the register contained the unit holders possessing at least 25% of all investment units, while in the case of others, it indicated the senior manager of the fund manager as the UBO, or contained no information on the UBO at all, keeping the majority investors undisclosed toward the UBO database.

Following some position letters and statements of the affected ministries, it was the tax authority operating the UBO register that ultimately put an end to this uncertainty in mid-2023 by deleting all UBO data from the central register in connection with all private equity funds. It claimed that such entities do not fall under the scope of the act that created the central UBO register. The opponents kept arguing that the unit holders of private equity funds reaching 25% do fall within the beneficial owner definition of the effective EU money laundering directive (AMLD-5).

Now, this situation has substantially changed again from January 1, 2025, when new provisions entered into force inserted in the Hungarian AML Act and in the UBO Register Act. Following this amendment, the referenced acts will explicitly list private investment funds (meaning venture capital funds and private equity funds) for those entities to which UBO-reporting obligations will apply. The new amendment clearly defines those who qualify as beneficial owners of private equity funds: they are primarily those natural persons who directly or indirectly hold together with their close family members at least 25% of the fund’s investment units. Notably, the definition is open to including other types of control and influence as well.

It is however important that, for existing private equity funds (i.e., those registered by January 1, 2025), the obligation to upload UBO data will first apply only in July 2026. This corresponds to the date when the transposition deadline specified by the new AML Regulation adopted by the Council on May 31, 2024, will expire.

It has to be mentioned that, following the judgment of the Court of Justice of the EU passed in a milestone case in late 2022 (joined cases C-37/20 and C-601/20 – WM and Sovim SA v Luxembourg Business Registers), the Hungarian legislator (similarly to several other EU member states) cut off the unconditional publicity of the central UBO-register in 2023. As a result, UBO data of private equity funds uploaded starting from 2025 (or mid-2026) will only be available to the competent authorities and obliged entities. There will also be a possibility for third parties to access this data if they can verify with relevant documentation that they have a legitimate interest in the UBO data for the purposes of anti-money laundering or combatting the financing of terrorism.

By Gyorgy Kiszely, Partner, Nagy & Trocsanyi

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Over the recent years, Greece has taken significant steps in stabilizing its banking sector, owing to several regulatory reforms and a strengthened capital position of its banks. Moody’s revision of the country’s outlook to “positive” in September 2024 is mainly attributed to the recovery of the Greek banking sector and the country’s strong economic performance.

The privatization of the Greek systemic banks marked a key milestone for this positive outcome and a shift toward market-driven governance, stronger operational independence, and improved investor confidence. At this turning point, the country’s alignment with the EU’s climate-neutral economy by 2050 has set the stage for sustainable growth in the banking sector and the wider economy. Additionally, the long-anticipated implementation of the Basel III EU Framework can be instrumental in navigating the Greek banking sector toward a new era of stability and prosperity.

Is Greece Basel III-Ready?

Whilst Basel III introduces stricter standards with respect to capital adequacy, liquidity, and risk management, the Greek banking sector has been progressively aligning with these standards over the past years, demonstrating enhanced resilience and relatively stable capital adequacy. In the first half of 2024, even though banks showed an increase in capital, this was offset by a rise in risk-weighted assets (RWAs). As such, there was a decrease in the Common Equity Tier 1 ratio (CET1) from 15.5% (December 2023) to 15.4%, and the Total Capital Ratio (TCR) remained stable at 18.8%. Although both ratios remain slightly below the EU average (CET1: 15.8% and TCR: 19.9%), liquidity levels are satisfactory, and the impact of Basel III on Greek banks’ capital adequacy ratios is expected to be modest in 2025, even though banks will need to recalibrate their RWA models to ensure compliance with the new standards. However, the management of non-performing loans (NPLs) will remain a critical issue for banks that will require ongoing attention.

NPLs: A Thorn of Grace?

The quality of the banks’ loan portfolios deteriorated slightly in the first months of 2024 mainly because of the addition of certain state-guaranteed loans in the NPL categories, following requirements imposed by the supervisory authorities. This led to an increase in NPL volumes, totaling approximately EUR 0.5 billion. Notwithstanding, the Hercules Asset Protection Scheme (HAPS) has played a crucial role in stabilizing the banking system by facilitating the offloading of NPLs from the banks’ balance sheets through securitization with state guarantees. The Greek government recently extended the scheme (HAPS III), aiming to reduce NPL volumes to EU levels. The extension of the scheme was originally designed to support the so-called “fifth banking pillar,” namely the merger of Attica Bank and Pancretan Bank, by facilitating the securitization of the two banks’ NPL portfolios. It is noted that following the successful merger of the two banks and the upcoming securitization of their NPLs portfolios (valued at approximately EUR 3.7 billion), the merged bank will be able to compete on an equal footing with the four systemic banks, enabling it to serve segments of the Greek market showing increased financing demand, such as small businesses.

At the same time, as the volume and value of NPLs continue to decrease, the secondary market for these loans is expected to grow. A key driver of this growth is the focus on buybacks, where banks reacquire loans that have been successfully restructured, in line with criteria set by the European Central Bank. The risk of these loans, however, becoming non-performing again remains.

A Shift Toward a Green Economy

While the outlook of the Greek banking sector remains positive, its prospects are closely tied to the macroeconomic trajectory of the country, which is further shaped by external factors, such as investments. The country’s green agenda, aligned with the wider EU agenda, plays a crucial role, with initiatives such as the Decarbonization Fund for Greek Islands, aimed at reducing fossil fuel and promoting sustainable energy sources, creating a sea of investment opportunities. An expected increase in investment activity together with regulatory reforms that promote sustainability goals present new opportunities for the banking sector, which is increasingly focusing on green financing and sustainable investments.

Greek banks have started embracing green financing, including financing renewable energy projects and sustainability-linked loans. However, increasing demand for sustainable financing still raises big challenges for banks in terms of ensuring compliance with EU regulations, imposing enhanced compliance and disclosures. Greek banks will need to assess the environmental impact of projects and evaluate their exposure to climate transition risks, particularly in sectors not aligned with carbon reduction goals.

By Marios Bahas, Managing Partner, and George Alexandris, Senior Associate, Bahas, Gramatidis & Partners

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The DORA regulation (Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector) is an essential piece of European legislation aiming to bolster cybersecurity within the EU.

In this effort, it joins the NIS2 directive (Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union). While several types of financial institutions fall under the NIS2 directive, it is primarily DORA that aims specifically at enhancing the operational resilience of the financial sector while establishing a comprehensive framework to ensure that all financial entities regulated under DORA can withstand, respond to, and recover from disruptions and threats related to information and communications technology (ICT).

Supplementing other regulatory frameworks mandated by the EU, DORA (along with NIS2) introduces a unified set of standards for digital operational resilience that regulated financial entities must integrate into their risk management strategies following its applicable date of January 17, 2025.

To Whom Does the Regulation Apply?

To establish a high level of cybersecurity within the EU’s financial system, European legislators decided to include a wide range of financial institutions that will be required – to a greater or lesser extent – to apply the rules and standards introduced by DORA. The list of obliged entities under DORA includes, among others: credit institutions, investment firms, insurance and reinsurance undertakings, payment and electronic money institutions, managers of alternative investment funds, UCITS management companies, crypto-asset service providers, crowdfunding service providers, and ICT third-party service providers.

The entities subject to DORA are recognized as essential to the infrastructure and security of the EU’s financial system. As such, they are expected to maintain a high level of digital operational resilience to protect both the financial markets as well as their participants.

Obligations Under DORA

Entities subject to DORA are expected to comply with a range of requirements imposed by the regulation, including various technical, organizational, and legal measures. The core obligations to be implemented by the respective entities include: (a) ICT risk management, (b) reporting of cybersecurity incidents to competent authorities, including the establishment of communication channels, (c) regular testing of the digital operational resilience, (d) regular training of employees and managers, and (e) management of risks related to third-party service providers (including setting up key contractual provisions with such providers).

In addition to these core obligations, financial institutions may also (under certain conditions) enter into information-sharing arrangements on cyberthreat information and intelligence, which should further solidify security and cyberthreat awareness across the EU through the sharing of experience with various cyberattacks and their practical solutions.

Czech Implementation of the EU Cybersecurity Regulation

The upcoming Czech implementation of the EU’s cybersecurity regulation comprises several specifics. There is currently a new draft act on cybersecurity being discussed in the Czech Parliament that should implement NIS2 into the Czech legislation and replace the current Act on Cybersecurity that has been in force since 2014. On top of various additional requirements and obligations introduced specifically by the Czech legislator, the draft act also includes several financial institutions in addition to those that are already included under the NIS2, namely payment institutions and e-money institutions, provided they meet specific payment volume criteria.

In addition to the draft Act on Cybersecurity, a new draft Act on Digital Finance has also been introduced, aiming at implementing – or, more specifically, further expanding – the DORA regulation as well as the MICA regulation (Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets) into Czech law. The Act on Digital Finance establishes the Czech National Bank (CNB) as the supervisory authority in relation to the cybersecurity of financial institutions under DORA, with the power to impose remedial measures and fines on the institutions under its supervision. Furthermore, as the general supervisory authority responsible for cybersecurity-related matters will be the Czech National Cyber and Information Security Agency (NCISA), it may in practice pose certain supervisory issues, as several types of financial institutions may fall under the supervision of both the NCISA and the CNB.

By Ondrej Havlicek, Partner, and Martin Svoboda, Associate, Schoenherr

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Turkiye has long had one of the lowest non-performing loan (NPL) rates in Europe, but recent years have seen some ups and downs. Between 2017 and 2020, the rate fluctuated between 3.25% and 3.46%. During the pandemic, the rate dropped significantly as borrowers benefited from extended loan payment schedules. Thereafter, the rate rose briefly before falling below the European Union average of 2.27% in 2023. Since the beginning of 2024, however, rising interest rates have pushed the NPL rate back up, to 1.71%. Experts expect the rate to rise to 2.5% by the end of the year, above the EU average and a challenge for borrowers and lenders.

Turkiye has established a clear regulatory framework for dealing with NPLs. Loans are classified as non-performing if they are overdue for more than 90 days or if a borrower has to take out a new loan to cover missed payments. The framework also includes rules for companies that manage and purchase these loans, called asset management companies. These companies follow specific guidelines on how to operate and how to transfer debts.

The establishment of an asset management company in Turkiye requires the approval of the Banking Regulation and Supervision Agency (BRSA) based on certain requirements prescribed by law. Even after initial approval, they must meet additional conditions, including maintaining experienced management and reliable systems for handling their activities. At least three board members must have seven years’ experience in fields such as law, economics, or banking. If an asset management company fails to meet these requirements, it risks losing its license to operate.

The role of asset management companies is carefully regulated. Their main task is to buy troubled loans from banks and other financial institutions and then work to collect payments. They are prohibited from offering loans or engaging in any other business outside this scope. The transfer of loans must follow a fair and transparent process, often involving a public tender where all bidders are treated equally. This ensures that the process is open and competitive.

Financial institutions transferring loans to these companies are required to inform borrowers of the relevant transfer in question. This includes providing details of the asset management company now handling their debt. Before the transfer is finalized, the relevant institution must provide all relevant information about the loans, such as the amount owed, any legal action taken, and the borrower’s contact details. They must also be prepared to respond to any questions or complaints from borrowers pertaining to the transferred loans.

After taking over the loans, asset management companies must notify the borrowers in writing or electronically. This notification explains key details about the debt, including the amount owed, its origin, and what could happen if it is not paid. When first contacting borrowers, firms must provide this information in a clear and simple way. They must also send a written follow-up to the borrower’s address to ensure transparency. If borrowers are unable to pay or fail to reach an agreement with the company, legal action may be taken to recover the debt. Any payments made during this process must be reported to the authorities to ensure proper records are kept.

Some asset management companies use external service providers to assist with debt collection. However, these companies remain fully responsible for ensuring that all actions are compliant. Contracts with third-party service providers must meet regulatory standards and be available for inspection by the authorities if required. The BRSA closely monitors these companies and can suspend or revoke their license if they fail to comply. Asset management companies must also keep the authorities informed of any major changes, such as opening new branches or changing their business structure.

The Turkish NPL market is increasingly attractive as high interest rates and inflation pressure borrowers. These conditions create opportunities for asset management companies to grow their operations. However, strict regulatory compliance is crucial for maintaining market confidence and smooth operations.

Managing non-performing loans can be complex, but Turkiye’s regulatory framework offers a strong foundation for success. By following these rules and communicating clearly with borrowers, asset management companies can thrive while supporting financial stability.

By Alaz Eker Undar, Partner, CMS

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The Digital Operational Resilience Act (DORA) is a central component of the EU’s Digital Finance Package. The aim is to enhance information and communications technology (ICT) security and digital operational resilience in the financial sector. Financial institutions and ICT service providers have until January 17, 2025, to fully implement the requirements.

What Is DORA?

DORA creates a unified legal framework to boost financial institutions’ resilience against digital threats in the EU. It applies to most regulated financial institutions, including investment firms, credit and payment institutions, and third-party ICT service providers. Specialized financial institutions with simplified risk management and microenterprises are mostly exempt. The principle of proportionality ensures implementation varies based on size, risk profile, and the complexity of services and operations.

DORA introduces new compliance requirements for financial institutions. Management must oversee ICT risk management, establish governance frameworks, monitor IT risks continuously, and prepare for emergencies. Standardized regulations mandate handling IT disruptions with strict reporting of incidents and regular IT audits.

To prepare for ICT-related incidents, DORA mandates an extensive testing framework to prepare for ICT-related incidents. In particular, institutions in the scope of DORA must maintain and review a robust and comprehensive IT resilience testing program, including threat-led penetration testing to address vulnerabilities. These tests can be carried out by independent internal or external parties. In the case of internal testers, conflicts of interest must be ruled out.

Additionally, DORA is not only applicable to institutions but also covers certain third-party service providers, being undertakings that are providing ICT services to institutions on an ongoing basis. DORA also has extraterritorial reach, requiring entities outside of the EEA that provide ICT services to institutions within the EEA to comply with its regulations. A significant aspect of DORA in this context involves specifying contractual terms that must be included in agreements with ICT suppliers.

While DORA will be implemented alongside existing regulatory guidelines of similar nature (particularly the EBA Outsourcing Guidelines) and essentially elevates some of the rules contained in these guidelines to directly applicable law, there are currently some distinctions between these two frameworks. The EBA is already working on a gap analysis and an update of the EBA Outsourcing Guidelines is expected to be published early next year.

What Challenges Need To Be Considered During Implementation?

DORA requires extensive adjustments to internal processes, risk management, and IT infrastructure by means of investing in new processes and technologies. Small to medium-sized companies can face challenges with providing the necessary human and financial resources to fulfill the requirements. Another difficulty is the process of harmonizing requirements for third-party providers. To date, there are no uniform market standards in this area, particularly among international ICT service providers, which will be very important due to the dependence on external ICT services.

What Are the Benefits?

DORA will significantly enhance protection against cyberattacks, thereby bolstering customer confidence in the financial sector. The framework places a strong emphasis on transparency and accountability, ensuring that customers are well-informed about the operational resilience of financial service providers. This is further underscored by the stringent incident reporting requirements mandated by DORA.

The regulation is also anticipated to foster close collaboration between ICT service providers and financial institutions. This partnership is expected to drive technological innovation, merging the traditional expertise of banking units with the cutting-edge advancements of ICT service providers. This synergy will likely result in superior digital solutions for financial service customers, enhancing the overall quality and reliability of financial services.

Supervision and Sanctions

ICT third-party service providers critical for financial institutions will be supervised by the European Supervisory Authorities (ESAs), with one authority (EBA, ESMA, or EIOPA) as the lead. This designation is based on the institution’s primary financial supervision type. The lead supervisory authority has the right to obtain information, conduct investigations, request the preparation of reports, and make recommendations in order to fulfill its duties.

Financial companies must comply with the DORA framework, which will be monitored by the national competent authorities (e.g., the FMA in Austria). National competent authorities can impose administrative penalties for breaches, defined by national law. Member States may also impose criminal sanctions, ensuring cooperation between law enforcement and the ESAs, with guaranteed information exchange. In Austria, the DORA Implementation Act will take effect on January 17, 2025, imposing administrative penalties of up to EUR 150,000 on officers and managers, and the higher of EUR 500,000 or 1% of annual turnover on institutions.

By Robert Wippel, Partner, and Balint Ozsvar, Associate, Baker McKenzie Austria

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

The Markets in Crypto-Assets Regulation (MiCAR) has just been launched, and this brings big changes for crypto-asset markets in the European Union. MiCAR applies to both crypto-asset service providers (CASPs) and crypto-asset issuers, but it focuses mainly on CASPs due to the higher risks involved with their activities. Each EU member state has the option to set its own transition periods for implementing the CASP regulations.

In Lithuania, the transition period is only five months, starting from January 1, 2025. CASPs must receive licenses as financial market participants until June 1, 2025. This means that any CASP operating in Lithuania (currently there are around 250 CASPs in the country) must obtain a license to continue its activities after that date. Given that Lithuania has always been a crypto-assets start-up hot spot, the CASP licensing process will attract a lot of attention.

Getting a CASP License in Lithuania

Formally, the process of reviewing a CASP license application in Lithuania should take up to 65 working days. This timeline can be extended to 85 working days if there are issues with the documents or application. However, the process will probably take no less than five months because the Lithuanian supervisory authority (the Bank of Lithuania) usually requests more information if the submitted details are incomplete or incorrect.

It is important to note that the Bank of Lithuania places a strong emphasis on the reputation and experience of the people behind the CASP. When applying for a license, CASPs must provide proof of the reputation of their shareholders and managers. The supervisor wants to ensure that these individuals are credible and have the necessary expertise to manage a crypto-asset business.

Additionally, applicants must provide full details about the source of their funds. This includes the shareholder’s business history and the financing scheme used to capitalize the company. The Bank of Lithuania would consider it good practice for a CASP to have a sufficient capital buffer to cover foreseeable and unforeseeable operational losses.

Why Transparency and Reputation Matter

The Bank of Lithuania is very strict when it comes to transparency and accuracy. It will not tolerate shell companies or entities that fail to provide full or correct information. For this reason, CASPs should ensure that all required documents are submitted and that those documents are accurate and clear. The Bank of Lithuania is not only looking at the quality of the application but also the credibility of the people behind the business. Companies with any connection to fraudulent or unethical activities may find their application rejected.

Factors Leading to CASP License Rejection

The Bank of Lithuania has broad powers to refuse a license. This goes beyond the standard provisions of MiCAR. If a CASP fails to meet the licensing requirements or provides misleading information, the Bank of Lithuania can reject the application for objective and justified reasons. The supervisor has the right to refuse a license if the applicant or other persons with close links to the applicant create conditions that prevent the effective exercise of supervisory functions.

Furthermore, the Bank of Lithuania can refuse a license if the laws, regulations, and administrative provisions of a third country governing the applicant or those with close links to it obstruct the effective exercise of supervision. This includes assessing the applicant’s management competence, business model reliability, and ability to manage risks associated with crypto-asset services.

Preparing for the Licensing Process

It is crucial for any CASP looking to operate in Lithuania to prepare thoroughly for the licensing process. Companies should start by ensuring that they have all required documentation ready and that they understand the licensing requirements in detail.

Applicants should pay particular attention to the following elements: (1) reputation checks (ensuring that the company’s shareholders and managers have an impeccable reputation in the industry); (2) clear financial documentation (source of capital and any complex ownership structures); and (3) complete application (all forms and supporting documents are complete and correct before submitting). Given that the Bank of Lithuania places high importance on transparency, applicants should not hesitate to seek legal or regulatory advice if they are unsure about any part of the process.

Conclusion

The upcoming implementation of MiCAR will significantly change how CASPs operate across the European Union. Only licensed entities will be allowed to continue offering crypto-asset services. The licensing process requires more than just submitting an application – CASPs must demonstrate the credibility and experience of their shareholders and managers, disclose the source of their funding, and ensure that their corporate structure is clear and transparent. The Bank of Lithuania is committed to ensuring that only trustworthy and capable entities are allowed to operate in the market.

By Ausra Brazauskiene, Partner, Widen

This article was originally published in Issue 11.12 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.