I. LEGAL FRAMEWORK
1.1 Which main legislative and regulatory provisions govern the banking/financial sector in your jurisdiction?
The banking and financial sector in Bulgaria is governed by a combination of national legislation and directly applicable European Union law. The primary domestic statute is the Credit Institutions Act, which regulates the licensing, operation, and supervision of banks. Other key legislative acts include the Bulgarian National Bank Act, the Payment Services and Payment Systems Act, the Markets in Financial Instruments Act, and the Measures Against Money Laundering Act.
The regulatory framework is further shaped by directly applicable EU regulations and transposed directives, in particular Capital Requirements Regulation (CRR) and Capital Requirements Directive V (CRD V), as well as Payment Services Directive 2 (PSD2) and Markets in Financial Instruments Directive II (MiFID II), which are either directly applicable or transposed into Bulgarian law.
The banking and financial sector in Bulgaria is governed by a combination of national legislation and directly applicable European Union law, forming part of the EU’s single rulebook.
At the national level, the principal statute is the Credit Institutions Act, which regulates the licensing, operation, and supervision of credit institutions. Other key legislative acts include the Bulgarian National Bank Act, which establishes the institutional framework and powers of the central bank, the Payment Services and Payment Systems Act, the Markets in Financial Instruments Act, the Measures Against Money Laundering Act, and the Recovery and Resolution of Credit Institutions and Investment Firms Act.
At the EU level, the framework is primarily defined by directly applicable regulations, most notably the Capital Requirements Regulation (CRR), complemented by directives transposed into Bulgarian law, including the Capital Requirements Directive V (CRD V), the Payment Services Directive 2 (PSD2), and the Markets in Financial Instruments Directive II (MiFID II).
In addition, the regulatory framework is shaped by the EU Banking Union architecture, including the Single Supervisory Mechanism Regulation (EU) No 1024/2013, the Single Resolution Mechanism, and the harmonized recovery and resolution regime under the Bank Recovery and Resolution Directive (BRRD), as well as the deposit protection framework established by the Deposit Guarantee Schemes Directive (DGSD).
1.2 Which regulatory bodies are responsible for enforcing the applicable laws and regulations? What are their main competencies? Please refer to the resolution authority as well.
The principal regulatory authorities are the Bulgarian National Bank (BNB) and the Financial Supervision Commission (FSC).
The BNB is responsible for the licensing and prudential supervision of credit institutions, as well as oversight of payment institutions and electronic money institutions. It also plays a central role in maintaining financial stability. As Bulgaria participates in the Banking Union through close cooperation, the BNB works alongside the European Central Bank within the Single Supervisory Mechanism.
The FSC supervises the non-bank financial sector, including capital markets, investment firms, insurance companies, and pension funds.
The BNB also acts as the national resolution authority under the Recovery and Resolution of Credit Institutions and Investment Firms Act. In this capacity, it is responsible for resolution planning, determining minimum requirements for own funds and eligible liabilities (MREL), and applying resolution tools. Where relevant, it cooperates with the Single Resolution Board within the framework of the Single Resolution Mechanism.
1.3 What are the current priorities of regulators, and how does the regulator engage with the finance/banking sector?
As of January 1, 2026, Bulgaria adopted the Euro as its official currency. Thus, the primary focus of Bulgarian financial regulators in 2026 is set on the successful technical and legal management of the accession to the euro area. The Bulgarian National Bank (BNB) and the Financial Supervision Commission (FSC) have transitioned from preparation to active management of the new currency environment.
All regulators are overseeing the automatic conversion of bank balances from lev (BGN) to euro (EUR) at the fixed rate of BGN 1.95583 to EUR 1. Key tasks include managing the dual circulation of both currencies (ending early 2026) and ensuring the transparency of dual pricing, which remains mandatory until August 2026. Meanwhile, BNB continues to use capital buffers, such as the countercyclical capital buffer (set at 2.0%) and the systemic risk buffer, to maintain high capital adequacy levels above the European average. The FSC is executing its Fintech Strategy 2025-2027, focusing on the regulation of crypto-assets (under MiCAR) and promoting financial technologies while ensuring consumer protection.
Apart from the above, having investigated the high inflation after the adoption of the Euro in other countries, the local Commission for Protection of Competition (CPC) has designated the financial sector as a top priority for 2026, specifically looking for market distortions during the euro changeover.
Regulators engage with the finance and banking sector through several formal and informal mechanisms:
Banks are required to submit regular prudential reports based on BNB instructions and circulars. The latter authority performs both on-site and off-site monitoring to ensure compliance with the Credit Institutions Act (CIA).
For the euro transition, the BNB also leads specialized working groups on cash, payment systems, and financial institutions, coordinating directly with commercial bank leadership. It further publishes a quarterly Economic Review to analyze credit aggregates and monetary dynamics, which serves as a benchmark for commercial banks’ own forecasting.
For new digital or crypto-oriented financial businesses, the Financial Supervision Commission holds preliminary meetings and assessment sessions to clarify regulatory documentation requirements.
From a practical point of view, the regulators are focusing their efforts towards implementing several key legal acts, as follows:
DORA
One of the main priorities is strengthening digital operational resilience and cybersecurity. The application of the Digital Operational Resilience Act (DORA) has introduced a comprehensive framework for ICT risk management, incident reporting, and third-party oversight, requiring financial institutions to significantly enhance their internal controls and governance structures.
NIS2
Closely linked to this is the implementation of the NIS2 framework in Bulgaria, through recent amendments to the Cybersecurity Act. This reform expands the scope of regulated entities and introduces stricter requirements, including direct management accountability, enhanced risk management obligations and significant sanctions for non-compliance.
Consumer Protection Act
Another key priority is consumer protection, particularly in areas such as consumer credit, digital onboarding and financial services distribution. Regulators are increasingly focused on transparency, fair treatment of customers and the prevention of over-indebtedness, especially given the growing role of non-bank lenders and digital channels.
AML
At the same time, AML/CFT compliance remains a core supervisory focus, with ongoing expectations for robust customer due diligence, transaction monitoring, and internal controls, particularly in light of digitalization and cross-border financial flows.
Finally, regulators are placing increasing emphasis on governance and fit-and-proper requirements, especially in the context of upcoming EU reforms (e.g., CRD VI), requiring financial institutions to ensure that management bodies meet enhanced standards of expertise, integrity, and diversity.
1.4 How are the competent authorities exercising their supervisory and resolution powers in practice?
The Bulgarian banking regulator – the Bulgarian National Bank is active in supervision but relatively restrained in enforcement, with actions focused primarily on institutions rather than senior individuals. The Bulgarian National Bank regularly imposes administrative measures and fines for prudential breaches, while significant banks are also subject to ECB oversight under the Single Supervisory Mechanism, where enforcement may still be considered targeted and proportionate. Recent trends show increased supervisory attention to governance, risk management, of course, AML/CTF compliance, and emerging areas such as climate-related financial risks. Direct personal enforcement against senior bank executives remains rare, with regulators favoring corrective and preventive supervisory tools over punitive individual sanctions.
II. AUTHORIZATION. SUPERVISION
2.1 What licenses are required to provide financial/banking services in your jurisdiction? What activities do they cover?
Under Bulgarian law, the applicable licensing regime depends on the scope and nature of the activities performed.
The most comprehensive authorization is the banking license, issued by the Bulgarian National Bank (BNB) following a specific procedure under the Credits Institutions Act (CIA). This license allows an entity to carry out the full range of banking activities listed in the CIA, to the extent that such activities are included in the license. Notably, only licensed banks are permitted to accept deposits or other repayable funds from the public, to accept valuables on deposit, and to act as a depositary or trustee institution.
At the same time, a number of financial activities may be carried out by a non-bank financial institution, provided that the relevant authorization or registration is obtained. These include, for example, the provision of payment services, issue and administration of other methods of payment, financial leasing, guarantee transactions, electronic money issuance, trading for own account or for account of customers in foreign exchange and precious metals, money brokering, acquisition and management of participating interests, safe custody services, issuance of asset-referenced tokens, as well as provision of crypto-asset services.
For example, under Bulgarian law, entities that do not intend to take deposits but wish to provide payment-related services must obtain a payment institution license. This license allows the execution of payment transactions, including credit transfers and direct debits, as well as services related to cash deposits and withdrawals from payment account or withdrawals from a payment account, money remittance, and payment initiation services.
A closely related authorization is the electronic money institution license, also issued by the BNB, which enables the issuance of electronic money, in addition to the provision of payment services.
Furthermore, activities related to capital markets (namely, issuance of asset-referenced tokens or provision of crypto-asset services) fall under the supervision of the Financial Supervision Commission and, in accordance with the Regulation 2023/1114 on markets in crypto-assets (MiCA), require a specific licensing procedure. Authorization from the FSC is also required for entities intending to carry out the activity as investment brokers.
Beyond those core categories, Bulgarian law also regulates certain financial activities through registration regimes rather than full licensing. For example, non-banking financial institutions that provide lending using their own funds (rather than taking deposits from the public) must register with the BNB but are not subject to the full banking license requirements.
2.2 What is the procedure for obtaining a financial/banking license? How long does this typically take?
The procedure for obtaining a banking or financial license in Bulgaria depends on the type of activity, but in general it follows a structured administrative process before the competent authority – either the BNB or the FSC.
In case of a banking license, the procedure begins with the submission of a written application by the founders of the bank through the Governor of the BNB or the Deputy Governor in charge of the Banking Supervision Department.
The application shall contain the name, registered office, and headquarters of the bank, the amount of capital and the portion to be paid upon incorporation, and explicitly specify the banking activities the bank intends to carry out. It must be accompanied by a comprehensive set of documents, including the Articles of Association of the bank; a document containing particulars of the subscribed capital and of the shareholders’ contributions; the bank’s plan of activities with exhaustive description of the activities to be performed, customer and product structure, objectives, policy and strategy of the bank, financial forecast of development over a three-year period; a description of the managing and organizational structure of the bank; a description of the internal control systems and the risk management systems, as well as an anti-money laundering program; the names and addresses of the members of the supervisory board and the management board (or of the board of directors) of the bank, as well as information about their qualifications and professional experience; the name/business name and residence/registered office of any persons who or which have subscribed for 3% and more than 3% of the voting shares and of the 20 biggest shareholders; information regarding the beneficial owner of the entities which have direct or indirect qualifying shareholding in the applicant; and other documents specified by regulation or requested by the BNB, needed to establish the circumstances necessary to assess whether the conditions for granting or refusing a license are met.
Prior to making a decision, the BNB conducts a series of checks to verify the completeness and accuracy of the submitted documents and to assess the reliability and financial standing of the applicant. This review aims to ensure compliance with all legal requirements and to determine whether the proposed banking activities guarantee soundness and financial stability.
The BNB issues its decision on the application within three months of receipt of the complete application and all required documents. Within this period, the applicant must demonstrate that the minimum capital of EUR 5 million has been paid, that the persons designated to manage and represent the bank, as well as other administrators, meet the statutory requirements, that suitable premises and the necessary technical equipment have been secured, and that effective risk management, compliance, and internal audit functions have been established.
If the applicant fails to provide evidence that these requirements have been met, the BNB issues a refusal, which is not subject to appeal. The applicant may submit a new application no earlier than 12 months after the refusal comes into effect.
A similar general structure applies to other financial licenses (e.g., payment institutions or electronic money institutions).
Where an entity, the so-called financial institution, intends to carry out activities subject only to registration (rather than licensing) with the BNB, it must submit an application for registration together with a standard registration form. The application must include the applicant’s name, UIC, seat, and registered address, and description of the intended activity. Similar to the banking license procedure, the application must be accompanied by a certified copy of the Articles of Association of the bank, evidence that the required capital has been paid, a list of shareholders, including the number and proportion of the shares held, a list of persons holding indirect qualifying shareholdings; a list of beneficial owners; a list of legal representatives of the entity, financial statements (balance sheets, income statements and where applicable, auditors’ reports) for the previous two years; proof of payment of the supervisory fee and a list of addressed where the activities will be carried out.
The Bulgarian National Bank registers the financial institution within 30 days from receipt of the application and all required supporting documents.
2.3 Can a foreign bank/financial institution operate in your jurisdiction on the basis of its domestic license?
A bank licensed by the competent authorities of another EU member state may provide services in the territory of the Republic of Bulgaria on the basis of its home state license, either directly or through a branch.
By contrast, a bank established in a third country can operate in Bulgaria only through a branch and is required to obtain a license from the BNB following a special authorization procedure.
As regards foreign financial institutions, they may provide services in Bulgaria, provided that they are entered into the relevant register of the BNB upon notification by the competent authority of their home jurisdiction, accompanied by a certificate confirming compliance with the applicable legal requirements.
2.4 What are the restrictions on ownership, including foreign ownership of banks/financial institutions?
The national regulation, in particular the CIA, imposes comprehensive requirements on persons owning 3% and more of the capital of banks in Bulgaria.
Such shareholders are required to submit information to the BNB, including details of their professional and business activity over the preceding five years; a written declaration confirming that the funds used to subscribe for shares are their own; information on the origin of the funds used for the acquisition of the shares, and information regarding taxes paid during the last five years.
Those requirements are designated to ensure the transparency and legitimacy of the source of funds, as well as to assess the reliability, financial soundness, and capacity of the shareholder to provide capital support to the bank.
In general, there are no specific restrictions on foreign ownership of banks or financial institutions in Bulgaria. Exceptions may apply only in cases related to international sanctions regimes.
2.5 What are the requirements for a proposed acquisition and acquirer of a qualified holding in a bank/financial institution? Would the same requirements apply in the case of an increase in a qualifying holding?
Under the CIA, any natural or legal person, as well as persons acting in concert, may not, without prior approval from the BNB, directly or indirectly acquire shares or voting rights in a bank licensed in the Republic of Bulgaria where, as a result of such acquisition, their holding would become a qualifying holding (in the meaning of Regulation 575/2013) or would reach or exceed the thresholds of 20%, 33%, or 50% of the capital or voting rights, or where the bank would become their subsidiary.
In order to obtain such approval, the proposed acquirer (or persons acting in concert) must notify the BNB in writing of their intention to acquire the holding and submit a comprehensive application accompanied by all required supporting documentation. This typically includes information on the applicant’s qualifications and professional experience, references from a competent financial supervisory authority (where a prior assessment of reputation has been conducted), a declaration regarding the applicant’s financial status and assets, details concerning the type, size, and sources of income over the preceding three years, as well as information on banking relationships, including a list of banks where accounts are held.
The BNB grants approval on the basis of the submitted application, supporting documents, and any other available information, provided that the assessment confirms that the proposed acquirer is of good repute and possesses the necessary professional competence, is capable of financing the acquisition, and is financially sound. Furthermore, the acquirer must demonstrate the ability to maintain such financial soundness over a period of at least three years, including the capacity to provide financial support to the bank if required. Approval is also conditional on the absence of any reasonable grounds to suspect involvement in money laundering or terrorist financing based on the information and documentation reviewed.
2.6 Are there any recent or anticipated changes to the licensing or passporting regime that may affect the ability of banks/financial institutions to operate in your jurisdiction?
In connection with the adoption of the euro as the official currency of the Republic of Bulgaria, amendments entered into force on January 1, 2026, concerning the allocation of tasks and competences related to prudential supervision under Regulation (EU) No 1024/2013 between the BNB and the European Central Bank (“ECB”). As a result, legal acts of the ECB now have direct effect with respect to credit institutions licensed in the Republic of Bulgaria.
Further changes are expected in relation to the implementation of CRD VI. The anticipated amendments to the local regulatory framework in this regard will be related to the responsibility of the banks to ensure that members of management bodies and persons holding key positions in a bank have the necessary knowledge, skills, and experience, as well as to guarantee diversity in the qualities and professional experience of such members. The CRD VI draft law envisages that a wider range of circumstances will be taken into account when assessing the reputation of these persons, such as administrative penalties and other measures imposed on the person.
In addition, the draft introduces a more detailed regime governing access to the Bulgarian market by branches of third-country banks. Under this regime, the BNB will classify such branches into categories based on the level of risk they pose to financial stability and market integrity. More stringent requirements will apply to higher-risk and systemically important branches, particularly with regard to capital, liquidity, internal governance, and risk management.
The draft also introduces a requirement for branches to appoint at least two individuals in Bulgaria responsible for the effective management of their activities, who must meet applicable standards of integrity and professional competence.
Finally, new grounds are envisaged for the refusal or withdrawal of a banking licence where there are reasonable grounds to suspect breaches of anti-money laundering and counter-terrorist financing requirements.
III. REGULATORY FRAMEWORK. CAPITAL. LIQUIDITY. CREDIT RISK
3.1 How are banks/financial institutions typically funded in your jurisdiction?
Bulgarian banks and financial institutions are funded through a combination of customer deposits, interbank loans and advances, and, where applicable, debt securities issuance (including covered bonds and senior or non-preferred instruments). Customer deposits provide a stable and relatively low-cost source of funding, while interbank borrowing and capital market instruments supplement funding needs. Shareholders’ equity and retained earnings form the basis of regulatory capital and loss absorption capacity.
In exceptional circumstances, the Bulgarian National Bank (BNB) may provide emergency liquidity assistance (ELA) in accordance with the European System of Central Banks (ESCB) framework and applicable national rules. ELA is typically granted to solvent institutions experiencing temporary liquidity shortages, subject to the provision of adequate collateral and the exhaustion of alternative funding sources. Such assistance is provided on a short-term and renewable basis and is subject to ongoing supervisory assessment. Interest is charged on the ELA, and penalty interest may apply in case of late repayment.
Overall, the funding structure of the Bulgarian banking sector is based on deposit financing, supplemented by market-based instruments, interbank funding, and equity, with emergency liquidity support available where necessary to safeguard financial stability.
3.2 What capital and own funds requirements apply to banks/financial institutions in your jurisdiction?
Under Bulgarian law, capital and own funds requirements applicable to banks are primarily governed by the Credit Institutions Act, in conjunction with directly applicable EU legislation, notably Regulation (EU) No 575/2013 (CRR), as amended (including CRR II), as well as secondary legislation issued by the Bulgarian National Bank (BNB).
The CRD/CRR framework establishes detailed rules on the calculation of capital adequacy ratios, including the Common Equity Tier 1 (CET1) ratio, the Tier 1 capital ratio and the total capital ratio, as well as capital requirements for credit, market and operational risk. Pursuant to Article 92 of the CRR, institutions must maintain a CET1 ratio of at least 4.5%, a Tier 1 capital ratio of at least 6%, and a total capital ratio of at least 8%, each calculated as a percentage of total risk exposure.
The BNB, including within the framework of the Single Supervisory Mechanism where applicable, may impose additional own funds requirements (Pillar 2 requirements) following the Supervisory Review and Evaluation Process (SREP), where it determines that risks are not adequately covered.
In addition to minimum capital requirements, banks must maintain capital buffers in accordance with CRD V and applicable macroprudential measures. These buffers form a combined buffer requirement, and failure to meet them triggers restrictions on distributions, including dividends, variable remuneration, and other capital-related payments.
The composition and eligibility of own funds (CET1, Additional Tier 1, and Tier 2) are strictly regulated under the CRR. Capital instruments must be fully available to absorb losses on a going concern basis and are subject to regulatory criteria and, where applicable, supervisory approval. The BNB applies the relevant guidelines, recommendations, and technical standards issued by the European Banking Authority.
Banks are also subject to requirements regarding the allocation of profits to a statutory reserve fund under the Bulgarian Commerce Act. Distributions are permitted only where prudential requirements are met and are subject to applicable supervisory restrictions.
Furthermore, the Financial Supervision Commission (FSC), acting as the resolution authority for certain investment firms, financial institutions, financial holding companies, and mixed financial holding companies, determines the minimum requirement for own funds and eligible liabilities (MREL) in accordance with Bulgarian legislation transposing Directive (EU) 2014/59 (BRRD), as amended (BRRD II). MREL is expressed as a percentage of both the total risk exposure amount and the total exposure measure, and is calibrated based on the loss absorption and recapitalization needs identified in the resolution plan.
Overall, the Bulgarian regime reflects the harmonized EU prudential framework, supplemented by national supervisory and macroprudential measures aimed at preserving financial stability.
3.3 Has your jurisdiction implemented the Basel III framework? Are there any major deviations?
Bulgaria has implemented the Basel III framework through the EU legislative package (CRR/CRD), which is directly applicable and binding. The framework is applied by the Bulgarian National Bank to credit institutions and by the Financial Supervision Commission to other supervised entities within its remit.
There are no major domestic deviations from Basel III standards, as the prudential regime is largely harmonized at the EU level. However, certain macroprudential measures, such as systemic risk buffers, may be applied at the national level in line with EU law.
3.4 What liquidity requirements (for example, LCR, NSFR, local liquidity ratios) apply to banks/financial institutions, and are there any notable jurisdiction specific features?
Liquidity requirements in Bulgaria are primarily governed by directly applicable EU legislation, including the Liquidity Coverage Ratio (LCR) under Article 412 of the CRR and the Net Stable Funding Ratio (NSFR) under Article 428b of the CRR.
Banks are required to manage their liquidity in a manner that ensures they can meet their obligations as they fall due, both under normal conditions and during periods of financial stress. To this end, they must establish and maintain robust internal liquidity risk management frameworks, in line with applicable regulatory requirements and the guidelines of the European Banking Authority.
In addition to risk-based requirements, banks in Bulgaria are subject to a leverage ratio requirement, set at a minimum of 3% in accordance with Article 429 of the CRR. Compliance is monitored by the BNB as part of its ongoing supervisory activities.
The BNB exercises ongoing supervision over banks’ liquidity positions and may impose enhanced reporting or other supervisory measures where it identifies material liquidity risks. In cases of significant deterioration, banks may be required to report liquidity metrics on a more frequent basis and to implement contingency funding measures.
Where the relevant conditions are met, the BNB may provide emergency liquidity assistance in accordance with applicable Eurosystem and national rules, with a view to preserving financial stability.
IV. REPORTING, ORGANIZATIONAL REQUIREMENTS, INTERNAL GOVERNANCE, AND RISK MANAGEMENT
4.1 What key reporting and disclosure requirements apply to banks/financial institutions in your jurisdiction?
Banks and financial institutions in Bulgaria are subject to extensive reporting and disclosure requirements, aimed at ensuring transparency and effective regulatory supervision.
At the core of this framework is the obligation of the banks to prepare and publicly disclose their annual financial report, which is subject to independent audit jointly by two audit entities that are registered auditors. In addition, banks are required, on a semi-annual basis, to publish a balance sheet and profit and loss account in at least one national daily newspaper, thereby ensuring public access to key financial information.
Another key area concerns ownership and governance disclosure – banks must notify the BNB of any changes in their shareholding structure, particularly where qualifying holdings are acquired, increased, reduced, or disposed of.
They are also required within 10 days after the relevant decision to inform the BNB of any changes in the composition of their management board and supervisory board, the board of directors, respectively, including the authorization of procurators. Furthermore, the BNB shall be notified of other significant events, such as increases or reductions of the capital, the opening or closing of a branch in the Republic of Bulgaria, the discontinuation of certain banking activities, the incurrence of exposures exceeding 15% of the bank’s own funds or exposures to related parties, as well as amendments to the bank’s articles of association or internal regulations, and the appointment of auditors.
In terms of internal record-keeping, banks are required to maintain detailed credit files for each loan granted. These must include information on the client, the legal basis, terms and conditions, amount of the loan, collateral provided, the decision of the competent body to grant the credit, and any other relevant information concerning the conclusion and performance of the agreement.
Banks are also required to comply with the disclosure requirements of Part Eight of Regulation (EU) 575/2013.
As regards financial institutions, they are required to prepare and submit financial reports to the BNB on a periodic basis, typically every three and six months. They must also adopt and implement internal rules governing their operations, which are subject to submission to the BNB. In addition, such institutions are required to retain, for a minimum period of five years, all accounting records and other documentation relating to their activities, including documents concerning concluded contracts.
4.2 What are the organizational requirements for banks/financial institutions, including with respect to corporate governance? Please briefly describe the requirements and the procedure for assessing the suitability of the members of the management body and key function holders.
As regards organizational requirements and corporate governance of banks, the regulatory landscape in Bulgaria is highly developed and comprehensive.
The applicable legal framework covers, among other things, the organization and risk management of banks, as well as remuneration policies and practices. It also includes detailed rules on capital buffers and the conditions and procedures for their establishment and maintenance. In this context, specific provisions apply in relation to restrictions on dividend and interest payments linked to own funds, mechanisms for mandatory loss coverage by shareholders, and additional measures in cases of actual or potential failure to meet capital buffer requirements.
Extensive requirements are also in place concerning the internal organization, governance, and control systems of banks. These are typically reflected in internal rules, which must set out a clear description of the bank’s management and organizational structure, as well as a comprehensive allocation of powers and responsibilities among administrators and key personnel. The framework further requires the identification of key function holders and the criteria applicable to such roles, together with the bank’s overall strategy and business plan.
In addition, banks must establish robust risk management and control structures, supported by reliable accounting and financial reporting systems. The internal control framework should be effective and include independent risk management, compliance, and internal audit functions. It must also address conflict of interest policies, internal reporting mechanisms for breaches, ethical standards applicable to staff and management, and systems for training, performance evaluation, and incentives, particularly for senior management and employees with control functions.
Further regulatory requirements include the maintenance of minimum reserves with the Bulgarian National Bank, as well as specific rules governing internal exposures, including their identification, monitoring, and reporting.
With respect to governance, all members of management and supervisory boards are subject to prior approval by the Bulgarian National Bank. The assessment focuses on the individual suitability of each candidate, taking into account factors such as reputation, professional qualifications, experience, integrity, independence, and the ability to dedicate sufficient time to the role. The ongoing implementation of CRD VI is expected to further develop and refine these requirements at the national level.
4.3 What are the local rules for loans to the management body and its related parties?
In Bulgaria, loans and other exposures to members of the management body and their related parties are governed primarily by the Credit Institutions Act, which establishes strict rules aimed at preventing conflicts of interest and ensuring prudent risk management.
Such transactions must be carried out on an arm’s length basis and may not be granted on preferential terms. They are subject to prior approval by the competent corporate body (typically the management or supervisory board), with the interested person excluded from deliberation and voting.
Credit institutions are required to adopt and implement internal rules and procedures for the identification, approval and ongoing monitoring of transactions with related parties. Exposures to related parties are typically subject to the large exposure regime under the Capital Requirements Regulation (CRR), including the aggregation of exposures to connected clients and the applicable quantitative limits. Institutions must ensure appropriate documentation, internal controls, and supervisory reporting to the Bulgarian National Bank.
4.4 What are the main legal provisions governing risk management in the banking/financial sector in your jurisdiction?
Risk management in Bulgaria is governed by the Credit Institutions Act, in conjunction with the EU prudential framework, notably the Capital Requirements Regulation (CRR) and the Capital Requirements Directive V (CRD V).
Credit institutions are required to implement comprehensive risk management systems covering all material risks, including credit, market, operational, and liquidity risks. These systems must ensure the identification, measurement, management, monitoring, and reporting of risks and must be supported by sound internal governance arrangements.
Banks must establish independent control functions, including risk management, compliance, and internal audit, and ensure active oversight by the management body.
Further requirements are specified in regulatory technical standards and guidelines issued by the European Banking Authority, which are applied on a “comply or explain” basis and are effectively binding in supervisory practice. Supervisory assessment is conducted through key processes such as the Internal Capital Adequacy Assessment Process (ICAAP), the Internal Liquidity Adequacy Assessment Process (ILAAP), and the Supervisory Review and Evaluation Process (SREP), as implemented by the Bulgarian National Bank in cooperation with the ECB, where applicable.
4.5 What are the legal requirements applicable to banks/financial institutions in combating money laundering and terrorist financing area?
In Bulgaria, the legal framework for combating money laundering and terrorist financing is primarily set out in the Measures Against Money Laundering Act, which implements the relevant EU Anti-Money Laundering Directives, alongside the Measures Against the Financing of Terrorism Act and applicable secondary legislation.
Banks and financial institutions are subject to comprehensive obligations based on a risk-based approach. These include conducting customer due diligence and identifying beneficial owners, applying enhanced checks in higher-risk situations (such as dealings with politically exposed persons), and continuously monitoring business relationships and transactions. Institutions are also required to establish internal policies and controls, appoint AML officers, and ensure regular staff training.
A key element of the regime is the obligation to report suspicious transactions to the Financial Intelligence Directorate of the State Agency for National Security, as well as to maintain records of customer data and transactions for statutory periods. In parallel, institutions must comply with applicable sanctions regimes and screening requirements.
Recent developments reflect a shift towards stricter supervision and greater emphasis on effectiveness, particularly in the context of digital onboarding and automated processes. Bulgarian regulators, including the State Agency for National Security, the Bulgarian National Bank, and the Financial Supervision Commission, increasingly focus on governance, risk assessment, and the practical implementation of AML/CFT measures, in line with evolving EU standards.
4.6 Are there any legal provisions regulating professional banking/financial secrecy in your jurisdiction?
Yes, legal provisions regulating banking and professional secrecy in Bulgaria are primarily set out in the CIA.
Bank secrecy covers all information relating to clients’ accounts, balances, and transactions held by banks in Bulgaria. This information cannot be disclosed or used for personal benefit by bank employees, members of management and supervisory bodies, Bulgarian National Bank officials, or other persons with access to it, all of whom are required to formally commit to confidentiality before starting their duties. Disclosure of bank secrecy is only permitted in limited cases, such as to the Bulgarian National Bank, with the client’s consent, pursuant to a court order, in insolvency proceedings, or in international arbitration cases involving Bulgaria.
In addition, the CIA regulates professional secrecy within the Bulgarian National Bank, covering information obtained or created in the course of banking supervision. This obligation applies to BNB staff and related persons even after their employment ends, and such information may only be used for official purposes or disclosed in anonymised or aggregated form so that individuals or banks cannot be identified.
4.7 Are there any specific environmental, social, and governance (ESG) or sustainability‑related disclosure or risk‑management requirements applicable to banks/financial institutions?
In Bulgaria, ESG and sustainability-related requirements for financial institutions are primarily derived from directly applicable EU legislation, complemented by supervisory expectations at the national and European level.
Financial institutions must comply with disclosure obligations under the Sustainable Finance Disclosure Regulation (SFDR) and the EU Taxonomy Regulation. In addition, the Corporate Sustainability Reporting Directive (CSRD) introduces expanded non-financial reporting obligations, which apply to certain institutions depending on their size and status.
From a prudential perspective, ESG risks are increasingly integrated into the framework established by the Capital Requirements Regulation (CRR), including Pillar 3 ESG disclosure requirements. ESG considerations are further incorporated into governance, strategy, and risk management through guidelines and expectations issued by the European Banking Authority and the European Central Bank, which are applied in the supervisory review process.
At the national level, these requirements are implemented and supervised by the Bulgarian National Bank, and, where relevant, the Financial Supervision Commission, with the Accounting Act providing the principal legislative basis for sustainability reporting, while prudential ESG integration remains largely driven by directly applicable EU law and supervisory practice.
V. TRENDS
5.1 What are the main trends in the banking/finance sector in your jurisdiction?
The banking and financial sector in the country remains stable, supported by the strong capitalization of local banks. The credit institutions maintain high levels of liquidity, which enables them to respond effectively to challenges of various nature, including political and regulatory developments.
Over the past decade, the Bulgarian banking market has undergone a notable consolidation process, marked by a number of mergers and acquisitions. This trend now appears to be approaching its final phase, with possibly one or two additional transactions expected within the next 12-18 months.
Looking more broadly at the financial sector, Bulgaria is increasingly positioning itself as a Fintech hub in Eastern Europe. A growing number of projects are choosing the country as a starting point for their business initiatives, which in turn fosters innovation and contributes to the development of improved services in both B2B and B2C segments.
Another notable feature of the Bulgarian market is the continued growth of consumer lending, driven to a large extent by non-banking financial institutions. These entities play an increasingly active role, particularly in the segment of unsecured and short-term consumer credit, often offering fast and fully digital application processes. Their flexibility and accessibility make them an attractive option for consumers, especially in situations where traditional bank financing is less readily available. At the same time, this segment raises important considerations from a regulatory and risk perspective, including responsible lending practices, transparency of costs, and the prevention of over-indebtedness. As a result, it remains an area of ongoing attention for both regulators and market participants.
5.2 What are the biggest challenges in the banking/finance sector at the moment? How is the regulatory approach in your jurisdiction evolving in response to digitalization (for example, use of AI, cloud outsourcing, digital onboarding, crypto assets)?
The banking and financial sector is currently facing a combination of structural, regulatory, and technological challenges.
Digitalization is reshaping the sector at a rapid pace. Bulgarian banks are investing significantly in digital onboarding, mobile banking and process automation, but this also raises operational and compliance risks, especially in relation to outsourcing and ICT.
From a regulatory standpoint, Bulgaria largely follows and implements the EU framework, and recent developments are strongly driven by European legislation and supervisory expectations.
AI and automation: while there is still no standalone Bulgarian regime on AI in banking yet (only a draft law), institutions are preparing for the application of the EU AI framework and are increasingly expected to ensure transparency and proper risk management when using automated decision-making tools (e.g. in credit assessments).
Cloud outsourcing and ICT risk: this is a major focus area. The expectations under the Digital Operational Resilience framework (DORA) are already influencing supervisory practice. Banks must ensure strict control over outsourcing arrangements, including audit rights, data security, etc.
Digital onboarding: this has seen significant development in Bulgaria, especially following COVID-19. Remote identification is permitted, but remains subject to strict anti-money laundering (AML) requirements. Regulators continue to focus on ensuring that digital onboarding processes are robust and not used to circumvent KYC obligations.
Crypto-assets: the market is developing, although still relatively cautious. The local regulatory framework implementing MiCA was already adopted, and even the first license was issued. The Bulgarian regulators have so far taken a conservative approach in the area, which is not unexpected considering the inherent AML and other risks in the sector.
Cybersecurity and NIS2: another important development is the implementation of the NIS2 Directive, which will significantly strengthen cybersecurity requirements for entities in the financial sector, including certain financial market participants and digital infrastructure providers. In Bulgaria, this will lead to stricter obligations around risk management, incident reporting, and governance, and will require closer coordination between regulatory and supervisory authorities. For banks and financial institutions, NIS2 will complement existing frameworks such as DORA, further increasing the focus on operational resilience and cybersecurity at the board level.
5.3 What are the latest developments in fintech?
The fintech sector in Bulgaria has been developing rapidly in recent years and is increasingly positioning itself as a key driver of innovation in the broader financial ecosystem. The local FinTech-focused NGO – the Bulgarian Fintech Association is consolidating the business-wise dialog with the state regulators towards the establishment of a stable ecosystem with all necessary SandBox and other appropriate growth mechanisms.
Service-wise, one of the most notable developments is the continued expansion and diversification of the fintech ecosystem, particularly in areas such as payments, digital lending, wealth management, and regtech. Bulgaria now hosts a sizeable number of fintech companies, with a strong concentration in Sofia, supported by a well-developed IT sector and access to skilled talent. At the same time, international fintech players are expanding their presence in the country, using Bulgaria as an operational or service hub, which further strengthens the local ecosystem.
Another key development is the growing role of digital identity and remote onboarding solutions. Several local Bulgarian companies are actively competing and contributing to the deployment of eID and trust services, including participation in EU-wide initiatives such as the European Digital Identity Wallet. This is particularly relevant for financial institutions, as it enables fully digital customer journeys while remaining compliant with KYC and eIDAS requirements.
From a regulatory perspective, the most significant recent development is the alignment with major EU digital finance frameworks. In particular:
- The adoption of a national framework implementing MiCA Regulation, including a dedicated Bulgarian act in 2025, introduces a licensing regime for crypto-asset service providers and brings greater legal certainty to the crypto market.
- The implementation of DORA has strengthened requirements around ICT risk management, outsourcing and operational resilience across the financial sector.
In parallel, payments and embedded finance continue to evolve quickly, with fintech companies playing a central role in areas such as instant payments, digital wallets, and API-based services. Increasing attention is also being given to fraud prevention and AML technologies, particularly in light of the growing use of AI-driven solutions in financial services.
A further important development is Bulgaria’s accession to the eurozone as of 2026, which has acted as a catalyst for fintech readiness and innovation. The transition has demonstrated the sector’s technological maturity, with fintech providers successfully adapting systems and offering seamless services such as automatic currency conversion.
Overall, the Bulgarian fintech landscape is characterized by strong growth, increasing regulatory sophistication, and deeper integration within the EU digital finance framework. The main trend going forward is the shift from purely innovative solutions to scalable, compliant, and resilient business models, capable of operating across the EU market.
5.4 What are the latest developments in “buy now, pay later” (BNPL) services?
In Bulgaria, the “buy now, pay later” (BNPL) segment is still developing, but has seen noticeable growth in recent years, driven primarily by e-commerce expansion and changing consumer behavior.
BNPL services are typically offered either by non-bank financial institutions or through partnerships between Fintech providers and licensed lenders. The model is most popular, particularly in retail and online marketplaces, where it is used as an alternative to traditional consumer credit.
From a regulatory perspective, BNPL products currently (usually) fall within the broader framework applicable to consumer credit, depending on their structure. Where the arrangement qualifies as deferred payment or financing, the requirements of the Consumer Credit Directive and the corresponding Bulgarian legislation apply, including rules on transparency, disclosure, and consumer protection.
One of the key developments at the EU level – which will directly impact Bulgaria – is the new Consumer Credit Directive (CCD II). The new framework (when implemented in Bulgaria) is expected to explicitly cover a wider range of BNPL-type products that were previously outside the regulatory scope (e.g., short-term, interest-free payment extensions). This will lead to stricter requirements around pre-contractual information, creditworthiness assessments, and responsible lending.
5.5 What are the latest developments in consumer credit?
The consumer credit market in Bulgaria has been evolving dynamically in recent years, with several notable developments driven by both regulatory changes and market dynamics.
One of the most significant trends is the expansion of the regulatory scope of consumer credit. A new legislative framework, aligned with the revised EU Consumer Credit Directive, is expected to substantially broaden the range of products subject to regulation. This includes short-term loans, interest-free payment arrangements, and “buy now, pay later” models, which were previously only partially regulated or outside the scope.
At the same time, the maximum threshold for regulated consumer credit is being increased, bringing a larger volume of lending activity under stricter oversight.
Another key development is the introduction of much stricter consumer protection requirements. The new framework places strong emphasis on transparency and responsible lending, including more detailed rules on advertising, clearer pre-contractual information, and explicit prohibitions on misleading or aggressive commercial practices.
In practice, this is particularly relevant for non-bank lenders, who have been very active in the segment of fast and digital consumer lending.
Closely related to this is the increasing regulatory scrutiny of creditworthiness assessments. Lenders are expected to apply more robust checks before granting credit, including in digital and automated environments, which may require adjustments to existing business models relying on speed and simplified onboarding.
A further important development is the regulation of the secondary market for non-performing loans (NPLs). With the adoption of the Law on Credit Servicers and Credit Purchasers in 2025, Bulgaria introduced a licensing and supervisory regime for entities involved in acquiring and servicing NPLs, while also strengthening borrower protection.
This is particularly relevant in the context of consumer credit portfolios, where the transfer and servicing of distressed receivables is becoming more structured and transparent.
From a market perspective, there is also a continued shift towards non-bank financial institutions, which are driving growth in consumer lending, especially in the segment of small, short-term and digitally originated loans. This trend is accompanied by regulatory concerns around potential credit migration to less-regulated entities and the associated consumer protection risks.
Overall, the key development in Bulgaria is the transition from a relatively fragmented and partially regulated consumer credit landscape to a more comprehensive and stricter framework, with a strong focus on transparency, responsible lending and alignment with EU standards.