KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

identity documentsnationalitypassport

KYC to onboard international persons

national identity cardpassportnamephotographidentity documents

corporate requirements

regulation form and number,business addressnames and regulation documents

National ID card name

Documento nacional de identidad (DNI) or carné de identidad

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

Spanish Law 59/2003, of December 19th, on electronic signature; REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL; Article: The electronic signature in Spain

E-sig law files

What year did the relevant AML laws and regulations become effective?

2010

Further details on AML regime

2010 (pending approval of the new Royal Decree of Law 10/2010)

Who is the regulator for AML controls for Banking

SEPBLAC: (the Executive Service of the Commission for Monitoring Exchange Control Offences)

Link to site

www.sepblac.com

Other financial Services

SEPBLAC: (the Executive Service of the Commission for Monitoring Exchange Control Offences)

Website of Regulator

www.sepblac.com

Financial Sector regulator

www.sepblac.com

Practical Guidance for AML

SEPBLAC Reports and Publications

Practical guidance PDF's

otra_documentacion.htm

Is there a requirement to verify the identity of customers retroactively?

Yes

Retroactive details

Until the issuing of the new Royal Decree for Law 10/2010.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

Last Mutual Report FATF/GAFI (2006

PDF of FATF review

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Yes - one-off transactions (single or linked) under EUR3,000.

What are the requirements for customer identification information for individuals

firms should obtain a national identity document, permission of impeachment sent by the Ministry of Justice, passport or government issued document which includes the customer's full name and photograph. Additionally, firms must verify identification documents of all authorised persons of the account.

Details to be Collected on Corporates

firms should obtain the following: , regulation form and number, business address and professional activity. Additionally, names and regulation documents of all Attorneys should be obtained.

What are the high level requirements around beneficial ownership (identification and verification)?

The law determines that firms may consider it appropriate to verify the identity of appropriate beneficial owners. Where a principal owner is another corporate entity or trust, the firm should take measures to look behind that company or trust and establish the identities of its beneficial owners or trustees. The firm will then judge which of the beneficial owners exercise effective control, and whose identities should therefore be verified.

What circumstances are enhanced customer due diligence measures required?

The law determines that firms will require additional measures of identification for certain business transactions, including private banking, correspondent banking, on-line and telephone banking and currency exchanges. Enhanced due diligence must be applied for some particular clients and products. Detailed requirements for these activities are detailed in Law 10/2010, Section 3, Article 11: in general terms, and Article 16: for products and transactions where anonymous activity is possible.

How should FI's deal with Politically exposed persons

Law 10/2010, Articles 14 and 15 detail the due diligence and monitoring requirements for PEPs.

What enhanced due diligence must be performed for correspondent banking relationships?

Firms should take into account the greater potential for money laundering in a correspondent business relationship. Firms must send an AML questionnaire to their correspondent banks to verify that these banks have measures to control money laundering. Law 10/2010 Article 13 details the requirements for correspondent banking relationships.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Law 10/2010 Article 13 details the requirements for correspondent banking relationships. In particular, point 2 states that “financial entities do not set up relations or correspondent with shell banks”.

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Firms should take account of the greater potential for money laundering in non face-to-face situations. Where a customer approaches a firm remotely (by post, telephone or over the internet), the firm should carry out non face-to-face verification, either electronically, or by reference to identification documents. Requirements for non face-to-face transactions and/or relationships are detailed in Law 10/2010, Article 12.

To whom are SAR's made? (suspicious activity reports)

SEPBLAC: (the Executive Service of the Commission for Monitoring Exchange Control Offences)

Link to website of SAR reporting

www.sepblac.com

Other Suspicious or unusual transactions obligations.

There are two different types of reporting in Spain: Systematic Reporting and Suspicious Transaction Report.

Are there any de-minimis thresholds below which transactions do not need to be reported?

Article 17 of Law 10/2010 states that, the subject will review transactions or operations regardless of the amount.

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Penalties for non compliance with Law 10/2010 requirements are detailed on Chapter VIII, Articles 50, 51, 52, 53, 54 and 55, and Sanctions are detailed from article 56, 57 and 58.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Yes. Spanish Law 10/2010 has widened the scope of industries and activities to be monitored. All entities which have a large number of daily transactions are requested to use automated Suspicious Transaction monitoring technology. Article 17 of Law 10/20120 stated that accurate automated systems must be set up but adapted to the specific industry and Money Laundering risk. For these reasons, it was mandatory for industries such as finance, insurance and online gambling to have automated systems.

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Law 10/2010 Article 19 details the requirement for injunctive enforcement.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

aser's prices is the sum of gross value added by all resident producers in the economy plus any product taxes and minus any subsidies not included in the value of the pro

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

N/A

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

N/A

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

N/A

Data Protection Laws And Personal Data

N/A

Data Protection for Corporate Data

N/A

Data protection for "sensitive Data" and additional protections.

N/A

Do any restrictions on the transfer of credit reports exist?

N/A

Regulator Acronym

SEPBLAC

Year of last FATF mutual evaluation

2014

Field 67

face-to-face verificationidentification documents face-to-face transactions

National ID card details

compulsory at 14,

Compulsory?

National ID source

https://en.wikipedia.org/wiki/Identity_document

Passport Photo

practical Guidance yes / no

Is there a risk based approach

Legal Requirement

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Yes

Who are SARS made to?

SEPBLAC

shell banks

Yes

EDD for correspondent banking

Yes

Minimum transactions

EUR 3,000.

Min transaction USD

3275

key restrictions

There are no critical restrictions.

Summary

Yes in accordance with Articles 3 and 26. Summary of law Spain’s e-signature law is modeled after the EU Directive on Electronic Signatures. It is considered a two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable. Countries that follow this model give companies the opportunity to select different forms of signatures and customize their business processes based on the form that is most convenient and appropriate for each use case. It is not necessary for the parties to agree on the use of electronic means for signing such agreements. As long as the recipient accepts the terms and conditions of the agreement by clicking the “I agree” button or sends an email, the agreement should be considered enforceable and such acceptance will be admissible as evidence in court. Note that public authorities may establish additional conditions to impose electronic dates on electronic documents as a means to verify the time that action has been made.

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

Law 19/1993 regarding AML. (in force until 30 Mar 2010)

Non financial sector (e.g. casinos, high value goods etc.)

SEPBLAC: (the Executive Service of the Commission for Monitoring Exchange Control Offences)

Does the country have a risk based approach?

Yes - SEPBLAC has been leading work to embed a risk based approach into AML controls, both in terms of firms' legal obligations and their practical implementation. Law 10/2010 reinforces this approach by enlarging the range of industries and activities affected by the updated regulation.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Copies should be certified by an appropriate person, for example an employee of the commercial office.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

N/A

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

N/A