The Credit Service Provider and Credit Purchaser Act (KKG) came into force in Austria on March 18, 2025. Austria is thus implementing the EU Directive 2021/2167 on credit servicers and credit purchasers for the reduction of non-performing loans (Non-Performing Loans Directive) comparatively late - while Germany has been ahead of the curve since December 30, 2023 with its Secondary Credit Market Act. The aim is to facilitate the sale and management of non-performing loans and to better protect affected borrowers. A secondary market for non-performing loans is to be created.

The scope of application of the law includes credit purchasers who are not credit institutions and who purchase claims of a lender from a non-performing loan agreement in the exercise of their commercial or professional activity.

If the credit purchaser uses a credit service provider who collects the debt on behalf of the credit purchaser, this credit service provider will in future require a license from the FMA.

This raises the question of the extent to which the law applies to NPL securitization structures that use a securitization special purpose entity.

In a securitization, receivables, such as loan receivables, are transferred from their original owner (originator, usually a credit institution) to another investor (usually a securitization special purpose entity).

The SSPE is exempt from the licensing requirement if it was established solely for the purpose of carrying out the securitization and is separate from the originator. In this case, it has no organizational or business structure and requires an external service provider for receivables and debtor management. As a rule, the securitization company will use a debt collection agency for debt collection.

The extent to which the KKG applies to the securitization structure depends on whether it is a traditional or synthetic securitization.

The main distinguishing feature is that in the case of a traditional securitization, the originator transfers ownership of the risk positions to a securitization special purpose entity, whereas in the case of a synthetic securitization, ownership of the securitized risk positions remains with the originator.

As a result, the KKG does not apply in the case of a synthetic securitization because in this case the credit service is not provided in the name of the loan purchaser but in the name of the original credit institution (originator).

This is different in the case of a true sale securitization. In this case, ownership of the receivables under civil law is transferred to the loan purchaser. The credit service provider would collect the debt in the name of the loan purchaser and would therefore generally qualify as a credit service provider within the meaning of the KKG.

However, if the debt collection is carried out by a debt collection agency and the debt collection agency manages or holds third-party funds as part of this credit service (§ 94 Z 36 in conjunction with § 118 GewO), the KKG does not apply because a debt collection agency in Austria, unlike a credit service provider, may manage or hold third-party funds.

The KKG itself does not explicitly regulate an exception for the SSPE, but does stipulate that the KKG does not affect the existing legal requirements for the provision of credit services if the level of consumer protection provided for by the KKG is not impaired and the FMA receives the necessary information from the credit service providers. The FMA is empowered to issue an ordinance to determine which documents are involved. The draft of a KKG-FMA regulation should be available soon.

In accordance with the European legal requirements of the Non-Performing Loans Directive, no double reporting should take place for securitization transactions for which mandatory transparency templates are provided. The European Securitization Regulation, which has been applicable since 1 January 2019, already regulates comprehensively and uniformly throughout Europe how securitizations are to be treated by the parties involved. It remains to be seen whether this will be seen by the FMA in the same way or whether more extensive information requirements will be standardized.