Name
Global FinTech Guide
Country _ Name
Spain
SectionTitle
KYC requirements
Body
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The applicable regulations are Act 10 of 28 April 2010, on the prevention of money laundering and terrorist financing (last updated in April 2021), and Royal Decree 304 of 5 May 2014, which approved the Regulations for Act 10/2010.

Act 10/2010 came into force on 30 April 2010.

National regulator or relevant authority for AML controls

The Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences (“Sepblac”) is the Supervisory Authority in matters concerning the prevention of money laundering and terrorist financing.

Customer Due Diligence

Conduct of a typical KYC identification process

The ordinary due diligence measures require formal identification of the parties involved, using verifiable documents (National Identity Document, passport, etc.), unless the transaction in question is for less than €1,000, in which case there is no obligation to confirm identity. In the case of corporate bodies, it is also necessary to identify the beneficial owner, any natural person who controls 25 per cent or more of the share capital or voting rights of the corporate body in question.

In addition to identifying the beneficial owner, information must be obtained from clients regarding their professional or corporate activities, and the business relationship must be continuously monitored.

For certain low-risk transactions, simplified due diligence measures are permitted, while for other transactions or those that involve greater risk, strengthened due diligence measures must be applied.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

Yes, it is possible to rely on third parties who are subject to the same Act 10/2010 for the application of due diligence measures, with the exception of the requirement for the continuous monitoring of the business relationship, though the parties are required to sign an agreement in which their respective obligations are formally set down.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

The regulations do not provide for this possibility.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

No licence is required, only that the third party is obliged by law to meet AML regulations.

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)


Yes credit institutions
Yes financial institutions
Yes auditors, external accountants, and tax advisors
Yes notaries and other independent legal professionals
Yes other trust or company service providers
Yes estate agents
Yes
BackToCountry
Back to countrySpain2

Authors

Close

Choose country