top of page


In response to the growing amount of non-performing loans (NPL’s) within Europe, the subsequent economic and social consequences and hardships due to Covid-19 and the everlasting desire to create a united and uniformed European Economic Area; the European Banking Authority (EBA) has proceeded to the publication of another set of Guidelines, this time focusing on Loan Origination and Monitoring (the Guidelines). As an extension to its previous published Guidelines, the EBA aims to tackle the problems faced within the European and International economic world and fill the gap that exists in relation credit-granting and consumer protection, both of which lie at the heart of the European objectives and agenda.

Brief Summary

The Guidelines were developed in response to the Council of the European Union’s Action Plan on tackling the high level of non-performing exposures. By creating a set of detailed Guidelines on banks, the aim is to address and tackle the issues of transparency and borrower affordability. The objective of the Guidelines is to improve institutions’ practices in relation to credit granting. Furthermore, the obligation incurred on the creditor to assess the creditworthiness of a borrower aims to ensure that creditors’ practices are aligned with consumer protection rules and allow the fair treatment of consumers against the risks of over-indebtedness, bankruptcy and overall encourage responsible lending.

Building on the already existing national practices while addressing the shortcomings of institutions’ credit-granting policies and practices, allows for an easier appreciation and application of the Guidelines and simultaneously achieving the improvement and establishment of a better working framework and the desired consumer protection.

Previous initiatives and guidelines published by the EBA tackle problems around loans once they become non-performing, whereas the Guidelines, focus on enabling the creation of loan originating standards and ensure that newly originated loans are of high credit quality, remaining equally performing in the future.

The Guidelines also take into account the integration of environmental, social and governance related factors and environmentally sustainable lending, anti-money laundering and counter-terrorist financing.

It is essential to note that the Guidelines are neither binding nor directly applicable. They are non-legislative tools (Level 3 regulatory requirements) to promote the consistent application of EU law across its Member-States. The Guidelines are directed to competent authorities, financial market participants and financial institutions, which are however expected to ‘make every effort to comply’ and report so accordingly. Under the ‘comply or explain’ principle, any competent authority that does not comply or does not intent to comply, must inform the EBA of this as well as the reasons for non-compliance.

Brief Evaluation

Although the Guidelines became applicable on 30/06/2021, attention should be given to the 3-part phase of application. Different application dates apply, depending on the date of origination of each loan. For newly originated loans (after 30/06/2021), full application of the Guidelines applies on that day whereas, for pre-existing but renegotiated loans (prior to 30/06/2021) the Guidelines become applicable on 30/06/2022 and their full application will be on 30/06/2024.

One of the major characteristics in understanding and implementing the Guidelines, is its focus on the proportionality principle and differentiation. Institutions should at all levels apply the principle of proportionality accordingly, both in terms of their own size, nature, scale and complexity of their activities but even more in regard to their respective borrowers and their status. As seen both in the structure and content of the Guidelines, they very much focus on the type of borrower and purpose of the loan and all the different categories that are covered within. This encapsulates the intention of creating a framework that differentiates between borrowers and thus contributes to achieving a well-rounded policy area, with greater (consumer) protection, away from a ‘one-fits-all’ approach that limits the performance of institutions, borrowers and the overall European economy. Differentiating between the different classes of borrowers and assets is essential for the correct and justifiable application of these guidelines and the achievement of the main objectives (control the risks associated, ensure overall credit quality of the loan and protect borrowers from irresponsible lending).

Institutions should ensure the close monitoring at all levels and regular review of their policies and procedures, especially in relation to the creditworthiness assessment and the information and data they have, ensuring these remain valid, accurate and representable of the current situation.

Equally important, is for financial institutions to ensure that there is a clear definition and a shared understanding of the different types of borrowers so as to be able to correctly match the candidates in the right category and apply the part that is relevant to them. The Guidelines provide general provisions and then split into sub-categories based on the type of borrower/asset/loan, thus institutions must be aware of the different details and sections applicable in each different type. The use of standardised lists/templates similar to the information contained in the Annexes will enable institutions to easily distinguish between these different types, and thus the different processes and requirements applicable each time.

To summarise, the Guidelines encourage close monitoring and a case-by-case application of the provisions to ensure they are well-suited and proportional to the profile of the borrower and the type of the lending activity, thus tailoring the lending activity to the borrower’s capacity to repay.

24 views0 comments

The new EU Regulation 2016/679 the “General Data Protection Regulation” (“GDPR”), is a European Regulation which has already come into effect and is due to be implemented on the 25th of May 2018 aiming in the creation of a much stricter and tougher data protection regulatory framework of personal data of European Citizens.

The GDPR enhances the protection of European individuals, by making it applicable to all companies and institutions whether located in Europe or not, as long as they processing data of European citizens. Therefore, the criteria for whether the GDPR applies to your company does not depend on whether your company is based within Europe, but on whether your company is in possession, stores or processes data information of EU citizens.

The GDPR consists of 99 Articles and has created unease to many organisations and companies, as they must “get ready” before its implementation. All companies must ensure that their data (the way data is stored, processed etc) is in full compliance with the provisions of the Regulation by the 25th of May 2018.

Non-compliance with the GDPR may have a fatal impact on a company, since contraventions of the Regulation will be punishable by fines of up to either €20 million or 4% of the total annual worldwide turnover of the company, whichever is higher. Thus, it is only natural that businesses are at “unease” in order to make sure that everything is put in place, on time.

However, the GDPR should be seen as a positive way forward, enhancing EU citizen data protection and simultaneously providing all companies with a strategy to possess and process all individual’s information in a more efficient and targeted way. After all…why not?

Steps forward:

• Assess whether the GDPR applies to your company / organization and whether it is subject to its provisions – Is your company, of any size and maturity, in possession or processing data of EU citizens? Then the answer is YES.

• If the answer to the above is YES, then you must increase awareness of the new GDPR within the company, and start by editing all privacy notifications as well as making sure that each individual consents to giving his/her personal information to your company for the specific intended purpose.

• Ensure that the procedure applied in your company is in compliance with the GDPR provisions – the way the data is stored and at which point the information may or has to be deleted.

• Ensure that the procedure applied with regards to electronically shared data is in compliance with the GDPR and make sure that no information / data is processed in a way that may eventually be used by another organization – whether affiliated to your company or not.

• Assess whether you are a “processor” or a “controller” or both!

• Determine whether you need to formally appoint a Data Protection Officer, in order to ensure compliance with the GDPR as well as making sure that the proper infrastructure for identifying, handling and reporting a possible breach of the Regulation is in place.

Although the implementation of the GDPR has “set an alarm”, the reality is that with the correct guidance and professional assistance, setting the adequate basis for compliance with the Regulation can be done, by taking some positive steps.

For more information and consultation on the matter you can contact us on We will be happy to assist you.

56 views0 comments


Welcome visitors to your site with a short, engaging introduction. Double click to edit and add your own text.

Grow Your Vision

Welcome visitors to your site with a short, engaging introduction. 

Double click to edit and add your own text.


Welcome visitors to your site with a short, engaging introduction. Double click to edit and add your own text.

bottom of page