AML Compliance in Spain 

AML compliance penalties have made many breaking stories in the news this year, with some European financial institutions making the cut. As these non-compliance fines sometimes reach millions, many countries, including Spain, have increased their focus on strengthening AML measures. Read more to learn how to achieve AML compliance in Spain and fight financial crime more effectively.

Spain ranks among the wealthiest countries in Europe, boasting a highly developed economy that stands as the world’s 15th-largest by nominal GDP and the sixth-largest in Europe. Despite its economic background, Spain is not immune to criminal activities. Criminals often target this nation, aiming to exploit its financial system for fraud and other financial crimes, including money laundering and terrorism financing.

In a recent report, Spain ranks third in terms of threat levels and is experiencing growth in terms of fraud. With the widespread use of digital channels and a 94% internet penetration rate since 2022, chances are that fraudsters will exploit news channels. To counter these threats, the Spanish government has implemented a comprehensive framework for anti-money laundering (AML) and the prevention of terrorism financing (CFT). 

AML compliance in Spain aims to protect the country’s economic system and fulfill global responsibilities in combating financial crime. Additionally, due to the possibility of financial penalties, it’s crucial for businesses to fight money laundering, ensure compliance, and effectively navigate emerging regulatory changes.

The History of AML Compliance in Spain

The FATF reports that Spanish authorities have effectively disrupted the financing of terrorist groups. However, there are still shortcomings in implementing targeted financial sanctions. These limitations hinder the ability to freeze assets associated with terrorism.

As money laundering methods and technologies evolved, adjustments were necessary to enhance the fight against fraud. Back in 1988, Spain incorporated money laundering as a criminal offense into its regulatory framework to combat the pervasive drug trade in the country. Spain broadened the scope of money laundering crimes and intensified penalties through amendments to its penal code in 1995 and 2003.

Compliance with FATF Recommendations Today

According to the Mutual Evaluation Report on Spain’s implementation of anti-money laundering and counter-terrorist financing standards, Spain was found to be “Compliant” with 28 and “Largely Compliant” with 10 of the FATF 40 Recommendations

The FATF Recommendations offer a comprehensive set of measures for countries to address illicit financial flows. This includes establishing robust laws, regulations, and operational measures to empower national authorities in effectively detecting and disrupting financial flows that support crime.

The 40 Recommendations are categorized into seven areas:
  1. AML/CFT policies and coordination
  2. Money laundering and confiscation
  3. Terrorist financing and financing of proliferation
  4. Preventive measures
  5. Transparency and beneficial ownership of legal persons and arrangements
  6. Powers and responsibilities of competent authorities and other institutional measures
  7. International cooperation

Spain’s AML Compliance Regulator

Founded in 1993, the Commission for the Prevention of Money Laundering and Financial Crimes, known as Servicio Ejecutivo de la Comisión de Prevención de Blanqueo de Capitales (SEPBLAC), is Spain’s main regulatory body for AML compliance. Additionally, it functions as the country’s financial intelligence unit (FIU).

In its supervisory capacity, SEPBLAC is tasked with ensuring that financial institutions comply with Spain’s risk-based anti-money laundering and counter-terrorist financing regulations, aligning with “the best international practices.” Serving as the FIU, SEPBLAC manages the reception of suspicious transaction reports (STR) and analyzes financial data for further investigations.

The Regulator of AML Compliance in Spain

Spain’s Take on the Risk-Based Approach (RBA)

The Risk-Based Approach (RBA) entails that countries, competent authorities, and banks recognize, evaluate, and comprehend the risk of money laundering and terrorist financing they face. Subsequently, they implement appropriate mitigation measures commensurate with the identified level of risk.

In Spain, every AML program must be grounded in a thorough risk assessment, as it forms the foundation for the entire program. It’s essential for companies to outline the connections between identified risks and the corresponding procedures, policies, and controls designed to address those risks.

However, there’s no universal AML program. All entities have their own money laundering and terrorism funding risks. That means Spanish entities must design a unique program tailored to their needs, enabling the entities to fulfill responsibilities and implement stronger controls where necessary.

Obliged Entities in Spain

AML compliance regulations in Spain apply to various businesses, including credit companies, investment firms, insurance companies, banks, brokerage companies, securities companies, payment institutions, and money transfer companies

Currently, Spain is recognized for possessing one of the most stringent AML legal frameworks in Europe, exemplified by its AML Law. This legislation mandates companies to retain AML-related records for a decade, a more extended period compared to the five years stipulated in Directive 2005/60/EC. Additionally, concerning enforcement, non-compliance with the Spanish AML Law by foreign service providers in Spain has led to substantial fines, sometimes reaching millions worth of damage. 

The Bank of Spain supervises the country’s financial sector, and its financial intelligence unit, SEPBLAC, regularly audits obliged entities. When a company’s record includes financial crimes, it can naturally harm its reputation and lead to a loss of market share and a decline in customer trust. Additionally, the high risk for money laundering and terrorist financing within these sectors in Spain puts companies under pressure to maintain robust AML programs. 

The Main AML Laws in Spain

The key AML legislation in Spain is Law 10/2010 of 28 April, focusing on the prevention of money laundering and terrorist financing. This framework places risk-based AML compliance responsibilities that include reporting and record-keeping obligations for companies operating in Spain. 

The Main Laws in Spain

EU’s Anti-Money Laundering Directives

Spain, as an EU member, must adopt the EU’s Anti-Money Laundering Directives (AMLDs) into its national legislation. The most recent directive, the Sixth Anti-Money Laundering Directive (6AMLD), introduced a revised definition of money laundering that includes aiding and abetting.

“Aiding and abetting” signifies that individuals helping money launderers can be legally implicated in money laundering crimes. As a result, companies should review and update their AML programs to include measures for detecting and preventing aiding and abetting in money laundering, aligning with the expanded list of predicate offenses. Royal Decree-Law.

Royal Decree-Law

Spain incorporated the provisions of 6AMLD through Royal Decree-Law 7/2021, dated April 27. A Royal Decree-Law is a legal provision with the authority of law in the Spanish legal system. The term “Royal” is used because it holds a state rank, and it’s the King who sanctions, orders the publication, and ensures compliance with the rule. In the subsequent years, various decrees and laws were introduced to provide clarity on AML regulations and combat fraud comprehensively. 

Notably, in the realm of international collaboration, Royal Decree 11/2018 and Law 5/2020 played a crucial role by facilitating the implementation of the EU directives, particularly 4AMLD and 5AMLD

Penalties Under the Criminal Code

The Criminal Code stipulates money laundering penalties in Spain. According to it, the crime of money laundering in Spain can be linked to:

“Anyone who knowingly acquires, possesses, uses, converts, or transfers assets that come from a criminal activity, committed by them or by someone else, or engages in any other act to hide or conceal the illegitimate origin of these assets, or to assist the person involved in the offense or offenses in avoiding the legal consequences of their actions, will face imprisonment ranging from six months to six years and a fine of up to three times the value of the assets.”

For example, if a person commits a money laundering crime and holds a prominent role, they may face extra penalties. These additional penalties include being banned from working in a job, public office, profession, or business for 3 to 10 years. This applies if the person committing the crime is a businessperson, someone in finance, a doctor, a public official, a social worker, a teacher, or an educator, and the crime is related to their job. 

Upcoming Regulations Towards Cryptocurrency

The EU agreed to implement a fresh set of rules for crypto-assets and stablecoins in June 2022, referred to as Markets in Crypto-Assets (MiCA). However, MiCA is set to be implemented in 2024, marking it as the first major jurisdiction globally to establish comprehensive and tailored rules for the cryptocurrency sector.

Additionally, the Transfer of Funds Regulation (TFR) was approved, extending AML/CFT regulations to cryptocurrency service providers. These regulations will become applicable in Spain and throughout the EU in 2024. As a result, businesses in Spain need to update their compliance strategies to address the heightened risk associated with transactions involving virtual assets.

Related: KYC and AML Compliance — Key Differences and Best Practices

How to Comply With AML Laws in Spain?

In accordance with the FATF’s recommendations, Spain mandates businesses to adopt a risk-based approach to AML compliance. This involves evaluating the risk posed by customers and implementing compliance measures that are proportionate to the identified risks.

AML Compliance Measures for Spain

Operating companies in Spain must adopt specific AML controls to stay compliant. These include: 

  • Know Your Customer (KYC). Before establishing business relationships or executing operations, obligated entities must identify beneficial owners and take the necessary steps to verify their identities.
  • Customer Due Diligence (CDD). The Regulation introduces exemptions from the complete application of AML due diligence measures based on the size and economic scale of companies covered by the Spanish AML Law. Specifically, companies with fewer than 10 employees and an annual balance sheet below €2 million are exempt from certain obligations related to internal AML policies, AML bodies, and external expert reviews.
  • Simplified Due Diligence (SDD). The Spanish AML Law allows for the application of simplified due diligence measures for customers or products deemed to pose a low risk of money laundering. In essence, applying simplified due diligence enables companies subject to the Regulation to reduce the level of due diligence measures.
  • Enhanced Due Diligence (EDD). Business sectors, practices, goods, facilities, distribution or marketing networks, business relationships, customers, and operations posing a higher risk of money laundering or terrorist funding should undergo enhanced due diligence.
  • Transaction monitoring. Obligated entities must gather information and continually monitor the intended purpose and nature of their business relationships with customers, including reviewing the operations conducted during that relationship.
  • Record keeping. Spanish AML regulations require obligated entities to keep comprehensive records, including customer identification details, transaction records, and relevant communications. For instance, financial institutions must maintain records of customer transactions, account information, and due diligence documentation for a specified period.
  • Reporting suspicious activity. If a financial institution in Spain identifies a transaction that appears suspicious or inconsistent with the customer’s normal behavior, it must file a Suspicious Activity Report (SAR) with the Spanish supervisory body, SEPBLAC. This report provides details about the suspicious activity and assists authorities in investigating potential illicit financial activities.
  • Appointing a delegate. Obligated entities must appoint a delegate before Sepblac, a Spanish resident working in the company’s administration or management and responsible for meeting information obligations.
  • Establishing an Internal Control Body (OCI). Obligated entities must establish an Internal Control Body, including representatives from all business areas, responsible for enforcing AML and anti-terrorism financing policies and procedures.
  • Employee training. Obligated entities must ensure that their employees are aware of AML laws. To achieve this, they will approve an annual training program on money laundering and terrorism funding prevention.
Related: AML Compliance Program — Step-By-Step Guide

Practical Tools for AML Compliance in Spain

In compliance with the EU’s AMLDs, Spanish firms need to effectively verify their customers and entities with whom they start business relationships and screen them to fulfill ongoing due diligence requirements. This can be a hassle, especially for businesses that use minimal to no automation in their AML compliance workflows. 

At iDenfy, we provide automated RegTech tools to simplify AML compliance for Spanish companies, including solutions for:

1. Customer identity verification

We help you collect identifying information from customers in order to build accurate risk profiles, customize KYC flows based on EDD requirements, and maintain less friction for low-risk users. We offer document verification and selfie verification with built-in liveness detection. On top of that, our in-house KYC specialists can manually review each ID verification in real-time, 24/7, to maintain the highest level of accuracy. 

2. Business Verification

We assist you in verifying that customers are not using shell companies or fraudulent corporate structures to hide their identities and bypass compliance controls. Our Know Your Business (KYB) solution incorporates checks for the ultimate beneficial ownership of customer entities, along with government database verifications and integrated documentation that can be downloaded from a single dashboard.

3. AML Screening

We assist in confirming that customers are not listed on international sanctions or watchlists and are not politically exposed persons (PEPs) through our continuous AML Screening tool. Additionally, we offer adverse media screening, which also helps determine the customer’s risk level. You have the flexibility to customize and set the frequency of screening, identifying entities like other companies, customers, PEPs, UBOs, related parties, etc.

We answer and consult Spanish companies and other global businesses for free. Read our case studies to see our AML solutions in action, or get started right away. 

Save costs by onboarding more verified users

Join hundreds of businesses that successfully integrated iDenfy in their processes and saved money on failed verifications.