Banking Regulation 2021

Last Updated December 10, 2020


Law and Practice


finReg360 advises both foreign and Spanish financial clients in the legal areas of security markets, banking, insurance, collective investments, private equity, AML/CTF and fintech. The firm assists leading financial organisations in adapting to regulations; ie, ESG, MiFID II, IDD, PSD2, AIFMD, MCD, GDPR, MAR and SFTR. It assists organisations in incorporating regulated investment firms, collective investment schemes and institutions, payment institutions, investment platforms, crowdfunding and private equity institutions. Additionally, the firm supports regulated entities through its Mystery Shopping and regulatory radar services. Recently, it launched finRegCampus: a platform providing online courses so that regulated entities can easily undertake periodic training in compliance with regulations such as MAR, AML, MiFID, etc. finReg60 boasts a team with proven experience in business and regulatory operational consulting of the financial industry, as well as a specialised tax team to provide advice on all types of tax matters.

Basic Framework

The main regulatory framework of the Spanish banking system is composed of the following regulations:

  • Law 10/2014, of 26 June 2014, involving the management, supervision and solvency of credit institutions – incorporates Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013, on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, known as the Capital Requirements Directive (CRD IV) into the framework;
  • Royal Decree 84/2015, of 13 February, implementing Law 10/2014;
  • Regulation (EU) No 575/2013, of the European Parliament and of the Council of 26th June 2013, on the prudential requirements of credit institutions and investment firms, commonly known as the Capital Requirements Regulation (CRR);
  • Bank of Spain Circular 2/2014 of January 31st, to credit institutions, on the exercise of various regulatory options contained in the CRR (“Circular 2/2014”); and
  • Bank of Spain Circular 2/2016 of February 2nd, to credit institutions, on supervision and solvency, which completes the adaptation of the Spanish legal system to CRD IV.

Bank of Spain Circulars

Additionally, credit institutions must consider the following local regulations:

  • Bank of Spain Circular 4/2020 of 26th 26, on the advertising of banking products and services;
  • Bank of Spain Circulars 2/2020 and 3/2020 of 11th June, to credit institutions, on public and confidential financial reporting standards and model financial statements;
  • Bank of Spain Circular 1/2019 of January 30th, which modifies Circular 8/2015 of December 18th, to the entities and branches attached to the Deposit Guarantee Fund of Credit Institutions, on information to determine the basis for calculating the contributions to the Deposit Guarantee Fund of Credit Institutions; and
  • Bank of Spain Circular 5/2017 of December 22nd, to credit institutions and payment service providers, on transparency in banking services and accountability in lending.

In addition to this framework, banks are affected by existing regulations in other areas, such as:

  • sustainable finance (environmental, social and governance, or ESG);
  • payment services, requiring strong customer authentication and common and secure open standards of communication, payment account switching and the accessing of payment accounts with basic features;
  • mortgages and loans; and
  • anti-money laundering (AML) and counter-terrorist financing.

Supervisory Structure

In Europe, the European Central Bank (ECB), together with the national central banks (NCBs), comprises the European System of Central Banks (ESCB).  All eurozone states participate in the Single Supervisory Mechanism (SSM), which promotes European financial stability.

The ECB is responsible for the prudential supervision of credit institutions as established under Regulation (EU) No 1024/2013. It supervises all EU Member States, regardless of whether they are in the eurozone.

The ECB carries out certain tasks for prudential supervisory purposes, including:

  • granting and withdrawing authorisations;
  • assessing notifications of the acquisition and disposal of qualifying holdings in credit institutions (excluding bank resolutions);
  • performing supervisory reviews in conjunction with the European Banking Authority; or
  • ensuring compliance with governance arrangements.

The Bank of Spain is part of the ESCB. Under the Spanish National Competent Authority, it is also conferred upon with supervisory tasks, such as:

  • receiving notifications in relation to the right of establishment and the free provision of services;
  • supervising credit institutions of third countries, establishing a branch or providing cross-border services within the European Union; and
  • carrying out day-to-day verifications of credit institutions.

Types of Licenses, Activities, and Services Covered

The body responsible for authorising the creation of a credit institution in Spain is the European Central Bank, at the proposal of the Bank of Spain.

The following credit institutions exist in Spain:

  • banks;
  • savings banks;
  • credit co-operatives; and
  • the Official Credit Institute (Instituto de Crédito Oficial, ICO).

Credit institutions are authorised companies whose activity consists of:

  • receiving deposits or other reimbursable funds from the public; and
  • granting loans.

The banking licence is the most complete and broad licence that a financial institution can obtain in Spain. It generally enables an institution to provide every financial service included under Spanish regulations. Predominant examples are:

  • banking services;
  • payment services; and
  • investment services.

Main Conditions for Authorisation

The requirements to obtain authorisation as a credit institution include:

  • incorporation of the company for an indefinite period of time;
  • securing an initial company share capital of no less than EUR18 million;
  • limiting the scope of its corporate purpose contained in the articles of association, according to banking regulations;
  • shareholders owning qualifying holdings must be deemed suitable;
  • no special advantages or compensation are to be reserved for the founders;
  • a board of directors consisting of at least five members: members of the board of directors, managing directors, similar officers, persons responsible for key internal control activities and other key positions, who must comply with suitability requirements;
  • having appropriate administrative and accounting structures, in addition to adequate internal control procedures;
  • having registered offices, effective management and administration in Spain; and
  • having the appropriate procedures and internal control and communication bodies necessary to prevent money laundering and terrorist financing under the terms established in the relevant legislation.

Authorisation Process

The Bank of Spain will submit to the ECB a proposal for authorisation to exercise the activity of a credit institution, following a report by the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences (the Spanish Financial Intelligence Unit, SEPBLAC), the National Securities Market Commission (CNMV), and the Directorate General of Insurance and Pension Funds (DGSFP).

The application for authorisation must be resolved within six months of its receipt by the Bank of Spain, or when the required documentation is complete and, in any event, within 12 months of its receipt. If the application is not resolved within this period, it is understood to have been rejected.

Other Relevant Information

The Bank of Spain has transferred the direct supervision of significant credit institutions to the SSM, but retains that of less significant institutions, on which the SSM exercises indirect supervisory functions. It must be said that even in those cases in which the SSM is directly responsible for supervision, the Bank of Spain participates actively in the supervision of Spanish institutions, and in the supervision of the institutions of other SSM Member States.

The supervision of an institution’s compliance with the rules of conduct and customer protection will vary depending on the services the institution provides. The Bank of Spain will monitor compliance with the banking regulations; the CNMV will monitor stock market regulations; SEPBLAC, the regulations for the prevention of money laundering and terrorist financing; and the DGSFP will monitor the insurance regulations and the distribution of insurance products.

Any legal or natural person, acting independently or with others, that has resolved to purchase or increase, directly or indirectly, a qualifying holding in a Spanish credit institution must notify the Bank of Spain of their decision in advance. This is provided that the percentage of voting rights or capital held is equal to or greater than 20%, 30%, or 50%, and/or that, by virtue of the acquisition, they will come to control the credit institution.

Requirements of the Notification

The above notification must include mention of the below.

Of the potential acquirer, the following must be stated:

  • its identity, its shareholding structure, and the composition of their managing bodies; and
  • its professional and business standing (comprised of the detailed structure of any group of companies to which it belongs; its financial situation and that of any group to which it belongs; any relations, financial or otherwise, between the potential acquirer and the acquired entity and its group; and previous assessments by international AML bodies, in the case of non-EU potential acquirers).

Of the proposed acquisition:

  • the identity of the organisation of which a qualifying holding is to be acquired;
  • the purpose of the acquisition;
  • the amount that is to be acquired, and the manner and place in which the acquisition will be carried out;
  • the effects of the acquisition on the capital and voting rights, before and after the proposed acquisition;
  • the existence of express or tacit concerted action with third parties relevant to the proposed transaction;
  • prior agreements between other shareholders and the organisation of which a qualifying holding is going to be acquired;
  • the financing of the acquisition – origin and availability of financial resources used for the acquisition, and entities through which they will be channelled;
  • the shareholdings that cause a change in the entity’s control and/or the business plan, including information on the strategic development of the acquisition, the financial statements, and other forecasts; and
  • the main modifications the potential acquirer intends to make to the entity of which it is going to acquire a qualifying holding. This includes the acquisition’s impact on corporate governance, structuring, the resources available to the internal oversight bodies, and AML/CTF procedures.

Authorisation Process

The Bank of Spain will evaluate the proposed acquisition of qualifying shareholdings, and will then submit the decision on the proposed acquisition to the ECB for it to be approved or opposed.

If deemed necessary, the Bank of Spain may request additional information from the potential acquirer, to evaluate their proposed acquisition.

In its assessment, the Bank of Spain will request a report from the Spanish AML/CTF authority (SEPBLAC), which includes its complete assessment of the transaction.

In the event that the potential acquirer is a resident of another EU Member State, the Bank of Spain may contact the competent authority in that country to carry out further verifications.

The decision to approve/oppose the transaction must be made within 60 business days of the Bank of Spain’s acknowledged receipt of the application. Otherwise, it will be understood that there is no opposition to the acquisition from the Bank of Spain.

Other Requirements

In addition to the authorisation process detailed above, any person who has acquired, directly or indirectly, a holding in a credit institution in such a way that the percentage held is equal to or greater than 5% must immediately inform the Bank of Spain and the relevant credit institution in writing.

The corporate governance requirements applicable to banks are increasingly demanding. The regulatory authority stresses the importance of the following:

  • the knowledge and experience of board members required to perform their duties (considering the changing nature of financial regulation and the way in which banking services are currently provided);
  • sufficient time commitment by the board members to perform their duties;
  • well-defined, transparent, and coherent lines of responsibility;
  • effective procedures for the identification, management, control and communication of risks;
  • adequate internal control mechanisms; and
  • remuneration policies and practices that are consistent with and promote appropriate and effective risk management.

Recently in Spain, the CNMV has reiterated the need for anti-corruption mechanisms involving top management and the board of directors.

Registration of Senior Management

Regardless of their registration with the Spanish Commercial Registry, the exercise of Senior Management functions at banks requires prior registration in the Senior Management Registry of the Bank of Spain and the ECB.

For that reason, credit institutions must notify the Bank of Spain and the ECB of any new members and provide assurance that they:

  • meet the suitability requirements; and
  • are not subject to any of the limitations or incompatibilities established in the applicable regulations.

Suitability Requirements

Credit institutions must have a board of directors composed of persons who meet the eligibility requirements for the performance of their duties. They must be of acknowledged commercial and professional integrity, have the appropriate knowledge and experience to perform their duties, and be able to exercise good governance of the institution.

The requirements mentioned above must also be applied to directors or their equivalent, as well as to those responsible for internal control functions and other key positions in the day-to-day financial operations of the credit institution. These persons must be of good repute, demonstrating personal, commercial and professional conduct that casts no doubt on their ability to manage the institution. They must be persons with the appropriate educational profile, particularly in the areas of banking and financial services, as well as having practical experience derived from previous positions. They must possess the appropriate knowledge and experience to perform their duties at the credit institution.

In assessing the ability to exercise good corporate governance, potential conflicts of interest and the ability to devote sufficient time to perform the relevant functions will be taken into account.

An assessment of the suitability requirements shall be carried out, both individually and for the entire board.

Roles and Accountability Requirements

In Spain, there is no system like the UK's Senior Management Regime. There is no dual administration system, and the board of directors assumes the functions of management and supervision.

The board of directors has the following functions, which cannot be delegated:

  • monitoring, controlling, and periodically assessing the effectiveness of the corporate governance system, adopting the appropriate measures to resolve its deficiencies when necessary;
  • assuming responsibility for the administration and management of the bank; approving and monitoring the implementation of its strategic goals, risk strategy and internal governance;
  • ensuring the integrity of the accounting and financial information systems, including financial and operational control and compliance with applicable legislation;
  • overseeing the information disclosure process and communications; and
  • ensuring effective supervision of senior management.

In the case of listed banks, the list of tasks that cannot be delegated is longer.

The remuneration requirements in Spain are outlined in Law 10/2014, Royal Decree 84/2015, and Circular 2/2016.

Remuneration Policy and Principles

General principles

As a general principle, credit institutions must have a remuneration policy applicable to all staff (including related agents). This policy must be consistent with sound and effective risk management and refrain from assuming risks that exceed the tolerated level. Additionally, it must be in line with the business strategy, objectives and values, as well as long-term interests, and it must incorporate the measures necessary to avoid any conflict of interest.

Moreover, Spanish regulation provides specific sound remuneration principles for members of senior management, staff whose professional activities significantly affect the credit institution’s risk profile (“risk takers”), staff engaged in control functions, and any employee receiving full remuneration in the same bracket as senior management and risk takers (provided their professional activities have a material impact on the institution’s risk profile).

Variable remuneration

The principles applicable to establishing variable remuneration, which includes stringent requirements, are particularly relevant and apply not only to credit institutions but to all the entities of a banking group. This may create a disadvantaged position for those financial entities (investment firms or management companies) that are not part of a banking group, which may therefore be more flexible and competitive when establishing staff remuneration.

Other requirements

There are also specific requirements for the members of the management board, whose remuneration must be approved by the General Meeting of Shareholders, as well as for compliance and risk management staff.

In addition to those principles, there are reporting obligations to the Bank of Spain, aimed at verifying compliance with the applicable rules.


This is in line with the increasing supervisory scrutiny of the Bank of Spain and other European and local regulators, which, in recent years, have launched a number of initiatives to control and (in some cases) limit banking bonuses.

This supervisory pattern also extends to other sectors, such as the securities market. As such, the CNMV has amended the Good Governance Code of Listed Companies to clarify remuneration for the executive members of the board.


Failure to comply with remuneration requirements in Spain is considered a very serious or serious infringement, depending on the relevance of the specific rules breached or the economic and financial position of the credit institution. Therefore, the sanctions imposed are, in the first instance, a fine, withdrawal of authorisation, and public reprimand, among others, and, in the second instance, a fine and public reprimand.

While these obligations are subject to the principle of proportionality, setting remuneration systems that are aligned with the legal framework and simultaneously capable of attracting talent to a banking group is an increasingly complex task that requires expert advice. It has become an issue of strategy rather than human resources. 

The main AML/CTF requirements in Spain are set out in Law 10/2010 of 28th April, on the prevention of money laundering and terrorist financing (Law 10/2010) and its implementing Royal Decree 304/2014.

The basic requirements contained in these regulations are fairly aligned with the EU AML and counter terrorist financing (AML/CTF) framework and can be summarised as follows:

A few features from certain Spanish requirements are the following:

  • internal controls and procedures (including the obligation to have in place an AML/CTF Manual and an internal risk self-assessment). Under the Spanish regime, the entities’ AML/CTF internal control measures are subject to an annual audit review by an external expert;
  • customer due diligence measures;
  • reporting obligations, which include some local additional requirements for financial institutions such as:
  • monthly systematic reporting to SEPBLAC of specific transactions with certain features; and
  • reporting by credit institution to the Centralised Banking Account Register (Fichero de Titularidades Financieras) of certain information regarding the opening and closing of bank accounts; and
  • record-keeping requirements, which apply for a period of ten years (whereas the EU Directive establishes a five-year term). However, after five years, the documents can only be accessible by the internal control units of the entity and the people in charge of its legal defence.

In September 2018, Law 10/2010 was amended to implement Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015, on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (known as the Fourth AML/CTF Directive or the Directive), which is still ongoing. In this regard, Royal Decree 304/2014 is still pending updates.

Spanish Implementation of the Fourth AML/CTF Directive

The main amendments introduced to Law 10/2010 are the following:

  • covered institutions are required to create an internal whistle-blowing channel to report potential infringements of AML/CTF regulations committed within the institutions;
  • creation by SEPBLAC of a public channel to report breaches of AML/CTF regulations;
  • the definition of ultimate beneficial owner (UBO) and enhanced due diligence measures applicable to politically exposed persons (PEPs) are amended to align them with the Directive;
  • where the group includes several covered institutions, the money laundering reporting officer appointed to SEPBLAC must be a member of the board of directors or a top executive of the group’s parent company; and
  • an increase in the severity of penalties for breaching AML/CTF regulations.

Spanish Implementation of the Fifth AML/CTF Directive

Finally, Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (known as the “Fifth AML/CTF Directive”) has not been implemented yet and it is uncertain when the implementation will take place.

In June 2020, the Spanish Ministry of Economy released a preliminary draft of the implementation bill for public hearing. The draft, among other relevant changes, foresees the creation of a new and unique register overseen by the Ministry of Justice, which will contain all the necessary UBO information of all Spanish companies and legal instruments.

Spain has already been warned by the European Commission for the late implementation of the Fifth AML/CTF Directive.

Regulatory Framework and Administrators

The Spanish deposit guarantee scheme is the Spanish Deposit Guarantee Fund of Credit Institutions (the FGD or the “Fund”), regulated by Royal Decree-Law 16/2011 and Royal Decree 2606/1996.

Royal Decree-Law 16/2011 unified the three deposit guarantee schemes that existed (one for banking establishments, another for saving banks, and a third for credit co-operatives) into a single Deposit Guarantee Fund for Credit Institutions, which maintains the functions and characteristics of the three funds it replaced.

The Fund, which is a legal entity, is managed by a Management Committee with 11 members: one representative from the Ministry of Economic Affairs and Digital Transformation (formerly, the Ministry of Economy), one from the Ministry of Finance, four appointed by the Bank of Spain, and five designated by the associations representing the credit institutions.

Types of Deposits, Depositors, and Limits

The Fund covers:

  • deposits in savings accounts, current accounts, and fixed-term deposits up to the limit of EUR100,000; and
  • transferrable securities and financial instruments up to the limit of EUR100,000, entrusted to a credit institution.

In addition, the Fund also covers the following types of deposits, regardless of their amount, during the three months after the funds have been credited or the deposits have become legally transferable:

  • deposits from real estate transactions involving private residential properties;
  • deposits from one-off payments received by depositors that are linked to marriage, divorce, retirement, dismissal, disability, or death; and
  • deposits concerning insurance payments or indemnity payments for damages due to criminal acts or judicial errors.

These guarantees apply per single depositor, whether they are private individuals or legal entities, regardless of the number and class of monetary deposits they hold with the same credit institution. This limit also applies to depositors holding deposits exceeding the maximum guaranteed amount (EUR100,000, or its equivalent in another currency).

Depositors Excluded from the Coverage

However, not all legal entities qualify as depositors eligible for the guarantee, since the FGD regime excludes, among others, the following from its coverage:

  • deposits made by other credit institutions on their own behalf and in their own name;
  • deposits made by the following institutions and companies:
    1. investment firms;
    2. insurance undertakings;
    3. real estate investment companies;
    4. management companies of (i) undertakings for collective investment in transferable securities, (ii) pension funds, (iii) securitisation funds, or (iv) private equity institutions;
    5. deposits of the entities managed by the management companies mentioned in the paragraph above;
    6. private equity institutions;
    7. financial institutions, as defined in Article 4.1.26 of Regulation (EU) 575/2013, including payment institutions; and
  • deposits held by the institution on behalf of public administrations.

All Spanish credit institutions are mandatory members of the Fund, as are branches in Spain of non-EU credit institutions provided their deposits are not covered by similar regulations in their home country.


The FGD is funded in the following ways:

  • annual contributions required of all Fund members, calculated according to the amount of each institution’s guaranteed deposits and its risk profile;
  • other contributions required by the Fund among the members, distributed according to the base calculation of the contributions and with the limits determined by regulation; and
  • resources raised on the stock markets, through loans, or any other debt transactions.

In any case, if the Fund’s assets are insufficient enough to affect its ability to carry out its functions, it will take the necessary actions to restore them.

Additionally, the deposit guarantee compartment of the Fund may be fed by the payment commitments of the member institutions, provided that such commitments:

  • are fully backed by guarantees of low-risk assets, free of charge and freely available to the Fund; and
  • do not exceed 30% of the total resources available to the compartment.

Royal Decree-Law 16/2011 specifies the sanctioning regime with penalties for those entities not complying with their Fund obligations.

In Spain, there is no specific law regulating bank secrecy. The concept of bank secrecy is less specific in Spain than in other jurisdictions or countries where taxation is lower. Nevertheless, the requirements applicable to this concept are extracted from several laws.

The Spanish Constitution and the Civil Code

The Spanish Constitution guarantees the right to honour, personal and family privacy, and self-image. Therefore, banks must protect the honour, privacy, and image of individuals. 

Similarly, the Civil Code establishes due diligence obligations in contractual relationships.

Consequently, as one of their tasks, bank employees and even the bank itself have the obligation to keep their clients’ banking information confidential under their existing contractual relationship.

Law 10/2014

In addition to the above, credit institutions are required to comply with the requirements of Law 10/2014, which foresees the duty of reservation (commonly referred to as the “secrecy duty”) regarding their clients’ information.

Relationships and Information within Bank Secrecy

According to Law 10/2014, credit institutions must comply with the duty of secrecy regarding all financial client information, including their  balances, positions and transactions. This information cannot therefore be communicated to third parties nor disclosed in any way.

Additionally, under Regulation 2016/679 on data protection (GDPR), credit institutions will include their clients’ personal data in the scope of the bank’s secrecy requirements. Data processors and controllers will also implement measures to ensure that data processing complies with regulations. To that end, Organic Law 3/2018 of 5th December, on Personal Data Protection and Guarantee of Digital Rights, establishes that credit institutions must consider, among others, the risk of losing confidential client data to determine if they need to perform the impact assessment under GDPR.

Permitted Disclosures

Credit institutions will provide information requested by competent national authorities, such as the Bank of Spain, the CNMV, or the DGSFP, enabling these authorities to carry out their supervisory activities. Specific disclosures of information are foreseen in different regulations, such as the following:

Royal Decree of 14 September 1982 enacting the Criminal Prosecution Law

This law foresees a general exception whereby any person who is aware of a crime because of his or her position, function, or profession is obliged to report it immediately to the Public Prosecutor's Office, the competent court, the investigating judge, or the police in the case of flagrant crimes.

Law 10/2014

Information may be disclosed:

  • when the client or the law grants permission to notify a third party;
  • to comply with information requests from the relevant supervisory authorities;
  • to fulfil the obligations under AML/CTF regulation; and
  • to comply with GDPR provisions. In this case,

Organic Law 3/2018 sets forth that the Data Protection Officer will have access to the personal data even if the data is covered under professional secrecy.

Exchanges of information are also exempt from the duty of secrecy between credit institutions belonging to the same consolidated group, according to Law 10/2014.

Organic Law 6/1985 of 1st July, on Judicial Power

This law regulates the obligation of all individual persons and public and private entities to collaborate during judicial processes as required by the courts and tribunals, with the exceptions foreseen by law. In this respect, the Criminal Prosecution Act establishes the following exceptions to providing testimony in the judicial process:

  • the defendant’s relatives in direct ascending and descending lines, and spouses;
  • the defendant’s attorney regarding the facts entrusted to him or her as defender; and
  • the translators and interpreters of the conversations and communications between the above persons.

Common Reporting Standard (CRS) and Foreign Account Tax Compliance Act (FATCA)

CRS is the approved model for members of the Organisation for Economic Co-operation and Development (OECD), and it allows the automatic exchange of financial information between countries for tax purposes. This exchange permits tax administrations of member countries to periodically have tax information on the investments or positions of their taxpayers in financial entities located abroad.

Similarly, FATCA covers a similar data exchange with the Internal Revenue Service of the United States.


Any breach of the duty of secrecy is considered severe, punishable by a fine under Law 10/2014.

Also, aside from disciplinary consequences for the employee, a breach could result in investigations into the liability of both the employee towards the entity, and of the entity towards the client as part of the contractual relationship.

The global frame of reference in the field of banking supervision in Spain is embodied in Basel III, which establishes measures related to risk management, governance, transparency, capital, liquidity and excess leverage.

Basel III has been incorporated into the European Union regulation through:

  • Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, known as CRD IV, modified by Directive 2019/878/EU of 20 May 2019.

This Directive focuses on the access requirements for the activity of credit institutions, the principles of prudential supervision, review processes and capital buffers.

  • Regulation (EU) 575/2013 of the European Parliament and of the Council of 26 June 2013, on prudential requirements for credit institutions and investment firms (CRR), modified by Regulation (EU) 2019/879 of 20 May 2019.

CRR contains the obligations related to own funds and capital requirements, as well as the definitions and requirements on liquidity and leverage. It also contains information disclosure requirements.

Both obligations entered into force on 1 January 2014. These regulations are further detailed in secondary regulations which, in most cases, are developed by the European Banking Authority (EBA).

Incorporation into National Legislation

  • CRR is directly applicable and, although it does not require implementation, it contains provisions that call for national development. To that end, the Bank of Spain published Circulars 2/2014 and 2/2016.
  • CRD IV was implemented in Spain through the approval of:
    1. Royal Decree-Law 14/2013 of 29 November, on urgent measures for the adaptation of Spanish law to European Union regulations on the supervision and solvency of financial institutions (“RDL 14/2013”).
    2. Law 10/2014 of 26 June, on the regulation, supervision, and solvency of credit institutions.

The most notable consequence of the implementation of the RDL 14/2013 is the allowance of certain tax assets to be computed as capital, as is done in other EU Member States.

Lastly, the aforementioned Spanish regulations are currently undergoing a parliamentary process which will amend and align them with the new European requirements (May 2019 amendments).

Objectives of the Regulatory Framework

The fundamental objective is to ensure that entities have sufficient capacity to face unexpected losses as a result of their activity. Therefore, the framework focuses mainly on three aspects:

  • the need for greater quantity and quality of capital;
  • the reduction of procyclicality of banking activity and its influence on capital requirements; and 
  • the avoidance of systemic risk.

Measures Applied to Achieve the Objectives

Modification of minimum capital requirements, including the following

  • Defining the different capital ratios, restricting the elements that are included as capital with greater loss-absorbing capacity (common equity tier 1 or CET1) and giving greater weight to CET1 in the composition of the required minimum equity.
  • Increasing capital deductions and their application mainly on CET1 (this was gradually implemented according to a transitional calendar throughout 2019).
  • Including a capital conservation buffer of 2.5% of risk-weighted assets, seeking to increase the quantity and quality of capital to be used in times of crisis. In the event of non-compliance with this additional requirement, regulation imposes limits on the distribution of profits and repurchase of shares, among others.

Definition of capital buffers

Regulation determines certain buffer tiers and establishes that institutions which (i) do not meet the combined buffer requirements or (ii) distribute CET1, implying reduction to a level where the combined requirement is no longer respected, must calculate the maximum distributable amount of profits.

Leverage requirements

The minimum requirement is 3%, to which 50% of the global systemic entity buffer is added for these entities.

These capital requirements, which determine whether a credit institution can access banking activities, are complemented by additional requirements imposed by the supervisor.

This additional capital requirement (or “supervisory capital”) is specific to each entity as a result of the supervisory review and evaluation process (SREP). The SREP includes a global assessment of the strategies, processes, and risks of credit institutions, and adopts a one-year and three-year vision to determine the amount of capital and liquidity that each institution needs to cover the risks/obligations assumed in a standard scenario; specifically in a sufficiently probable adverse scenario.

Once the SREP has been carried out, the supervisor will notify each entity of its solvency requirements, as summarised below.

  • Total SREP capital requirement (TSCR), which is made up of the minimum capital requirement of Pillar 1 (8%) and the requirement of Pillar 2 (P2R) that must be covered with CET1. This requirement is mandatory for all entities and is used to calculate the maximum distributable amount (MDA).
  • Capital conservation buffer requirement, also taken into consideration for the MDA.
  • Pillar 2 Guidance (P2G) that should be covered with CET1. The P2G is not mandatory. However, the supervisor and the market expect entities to maintain this buffer. As this is a recommendation and is not mandatory, it is not considered for the MDA.

The TSCR, together with the combined capital buffer requirements, form the overall capital requirements (OCR). This “supervisory capital” is obtained by including P2G in the OCR.

Liquidity Risk Management

The following two new indicators have been created to monitor liquidity risk.

Liquidity coverage ratio (LCR)

Institutions are required to hold high-quality liquid assets on their financial statement that can, in crisis situations, be quickly liquidated without significantly affecting the value of the company. The exact components of the LCR are published in Delegated Regulation (EU) 2015/61.

Net stable financing ratio (NSFR)

The NSFR promotes the use of long-term assets covering long-lived assets. Definition is still pending development by the EBA.

A minimum level of 100% is required for both ratios.

Legal Framework

The insolvency, recovery, and resolution of banks are regulated by Law 11/2015 of 18 June 2015 on the recovery and resolution of credit institutions and investment firms (“Law 11/2015”) and its implementing Royal Decree 1012/2015 of 6 November 2015.

They incorporate European regulations, such as the Bank Recovery and Resolution Directive (BRRD) and the Single Resolution Mechanism Regulations (SRM), into Spanish law.

Principal Means of Resolution

Under this legal framework, Spanish regulation holds a model that distinguishes between two functions:

  • preventative resolution, which is the responsibility of the Bank of Spain and the CNMV, for credit institutions and investment firms, respectively; and
  • executive resolution, the responsibility of which falls on the Spanish resolution fund (Fondo de Resolución Ordenada Bancaria, FROB), in relation both to credit institutions and investment firms.

Along with the resolution strategy, the principal means of resolving a failing bank are:

  • The sale of the entity’s business, which the FROB agrees on and executes, transferring the following to any buyer that is not part of a bridge entity:
    1. the shares, equity capital contributions, or instruments issued by the entity subject to resolution; and
    2. all assets, rights, or liabilities of the entity in resolution.
  • The transfer of assets or liabilities to a bridge entity: the FROB may agree and execute the transfer to a bridge entity of:
    1. the shares or other equity instruments issued by the entity subject to resolution;
    2. all or any assets, rights, or liabilities of the entity in resolution.

A bridge entity is a public limited company controlled by the FROB in which it may hold a stake, as well as any other authority or public financing mechanism. The ultimate purpose of the bridge entity is the sale of the bank in question to a third party within the specific period stipulated by the regulations.

  • The transfer of assets or liabilities to an asset management company: the FROB has the power to transfer assets, rights, or liabilities of an entity subject to resolution or a bridge entity to one or more asset management companies.
  • Bail-in: once the pertinent loss-absorption has occurred, the FROB may transform creditors into shareholders and/or reduce the nominal value of their debts, following the rules and procedures established by regulation (in keeping with the creditor hierarchy).

Implementation of FSB Key Attributes of Effective Resolution Regimes (FSB keys report)

Spain has implemented the FSB Key Attributes, as they are closely aligned with the European regulations that have been incorporated into Spanish law.

More specifically, the main objectives and principles of the FSB Key Attributes are established in the Spanish resolution scheme, as follows:

  • resolution authority – as mentioned, Spain has two designated administrative authorities responsible for exercising resolution power over firms within the scope of the resolution regime;
  • resolution powers – as indicated above, the resolution toolkit is the same as established in the FSB keys report;
  • funding of firms in resolution: Spain has privately financed deposit insurance funds in place, as well as a funding mechanism with ex-post recovery from the industry of the costs of providing temporary financing to facilitate the resolution of the firm;
  • legal framework conditions for cross-border co-operation: Spanish authorities have formalised cross-border co-operation agreements;
  • resolvability assessments – the entities are subject to regular resolvability assessments; and
  • recovery and resolution planning: the entities must have a recovery and resolution plan in place, which must be subject to ongoing assessment and updates.

Applicable Rules for Deposits

In relation to the insolvency preference rules applicable to deposits, Spain relies on the Deposit Guarantee Fund for Credit Institutions (Fondo de Garantía de Depósitos de Entidades de Crédito); a private institution in charge of deposit guarantees of up to EUR100,000 per depositor and credit institution.

In this context, Law 11/2015 grants maximum preferential treatment in the hierarchy of creditors to deposits guaranteed by the Deposit Guarantee Fund for Credit Institutions, and a general privilege to all deposits from SMEs and natural persons.

Banks suffer from great regulatory pressure due to a wide range of regulations, both specific to their activities and cross-regulations, such as AML or consumer protection laws. Although the regulatory framework is mostly determined at an EU level, banks must also consider local requirements.

Regulatory requirements have increased since the financial crisis of 2008. Today, European and Spanish legislators are focused on:

  • reviewing the effectiveness of the measures implemented in the past;
  • pushing to harmonise requirements applicable in the financial sector to ensure a level playing field for new and existing players in the EU; and
  • creating new initiatives to complete the Capital Markets Union (CMU) and boost digitisation, while ensuring a sustainable and green economic transition for the EU.

In this context, the analysis of regulatory requirements applicable to banks must consider the fact that banks provide investment services, significantly expanding the number of regulations under assessment. 

Given the foregoing, the authors have highlighted the upcoming regulatory challenges that banks will face in different areas, summarising the main impacts of each one. 

Prudential and Governance Requirements

The modifications to CRD IV and CRR introduced by Directive 2019/878 (CRD V) and Regulation 2019/876, respectively, aim to harmonise the interpretations of certain aspects regulated under CRD IV and adapt the framework to the international standards developed by the Basel Committee on Banking Supervision (BCBS).

In the short term, banks will need to:

  • adapt to the new requirements applicable to remunerations (29 December 2020), which include implementing a gender-neutral remuneration policy;
  • comply with other requirements related to interest risk arising from non-trading book activities (28 June 2021) or combined buffer requirements (1 January 2022); and
  • assign a risk weight of 100% to exposures fully secured by mortgages on immovable property when certain conditions are met, or provide own estimates of Loss Given Default in certain cases (28 December 2020).

MiFID II and Environmental Social and Governance (ESG) Initiatives

Banks have already implemented major changes to adapt to Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014, on markets in financial instruments (MiFID II) introduced in 2018, which were already challenging, especially those related to inducements, research, transparency, costs and charges, and product governance obligations.

The European Commission has reviewed the impact on the industry linked to MiFID II requirements to:

  • ensure that some of the requirements are more proportionate; and
  • reduce the administrative burden created when providing investment services to certain types of counterparties. 

Additionally, the European Commission has proposed certain urgent amendments (also known as quick fixes) to mitigate the administrative burden and support the economy due to the impact of COVID-19.

Quick fixes

The proposal to amend MiFID II includes several modifications that will impact banks’ existing processes and models. These include:

  • phasing out the paper-based default method of communication;
  • introducing an exemption for eligible counterparties and professional clients from cost and charges information;
  • allowing the delayed transmission of information costs when using remote communication channels;
  • alleviations for service reports (such as 10% portfolio losses report);
  • opting in cost benefit analyses for professional investors in the event of product switching;
  • lifting the product governance requirements for simple corporate bonds with make-whole clauses; and
  • suspending the requirement to publish the best execution report.

The date on which the proposed urgent modifications will apply has yet to be determined. However, it seems likely that it will be 31 December 2020.

MiFID II review

In addition to these quick fixes, the European Commission is assessing the effectiveness of MiFID II obligations, especially those related to inducements, research, product governance and others concerning minimum records.

These will also directly impact existing processes and business models adapted to comply with the incentives regime and the prohibitions set out under regulation (stricter in Spain after implementation). Amendments to the requirements concerning minimum records will also affect internal systems, databases, and even agreements with third-party providers.

These aspects will need to be reviewed by investment firms to achieve an effective administrative cost reduction.

In addition to the MiFID II review, banks will need to assess the impact of the European Commission Action Plan on financing sustainable growth, which sets forth several legislative initiatives that, among other actions, will require affected credit institutions to determine their strategic positioning around ESG obligations. Credit institutions must decide whether to embrace the change to a green EU economy and provide support at the outset, ahead of their competitors. However, regardless of positioning or strategy, affected entities will need to adapt to the new obligations, some of which are summarised below.

  • New governance requirements (most applicable as of 10 March 2021)
    1. integrate sustainability risks and factors, defining a specific integration policy;
    2. certain pre-contractual disclosure obligations; and
    3. a remuneration policy that considers sustainability risks, among others.
  • New requirements when providing investment advice and portfolio management (Q1 2021)
    1. integrate ESG factors and risks;
    2. adapt suitability tests; and
    3. update control and governance processes of financial instruments.

Challenges and opportunities

On the one hand, the proposed MiFID II amendments should simplify the provision of investment services by banks and investment firms. On the other hand, ESG initiatives affect several aspects of financial institutions and implement new requirements. However, both MiFID II updates and the new ESG framework could be a great opportunity for these companies:

  • to reduce mid- and long-term costs and increase quality in the provision of services by:
    1. enhancing existing processes;
    2. integrating solutions and simplifying systems/databases; and
    3. improving the end-to-end model; and
  • for market positioning and expansion of their target market by:
    1. standing out from competitors by becoming an ESG reference in the market (benefiting from time-to-market);
    2. increasing the product offering; and
    3. reducing reputational risks.

Capital Markets Union (CMU): European Commission Action Plan

It is also worth noting the European Commission CMU Action Plan since, it could be said, it entails actions that would impact the regulatory framework of financial institutions, among others.

The objective of this Action Plan is to:

  • implement measures that support a green, digital, inclusive, and resilient economic recovery by making financing more accessible to companies;
  • make the EU an even safer place for individuals to save and invest long-term; and
  • integrate national capital markets into a genuine single market.

Some of the most relevant steps for financial institutions are: 

  • a review of the EU securitisation framework for both simple, transparent and standardised (STS) and non-STS securitisation (Q4 2021);
  • a review of the procedures and conditions under which Central Securities Depositaries (CDS) have been authorised to designate credit institutions or themselves to provide banking-type ancillary services (Q4 2021);
  • initiatives towards minimum harmonisation or increased convergence in targeted areas of core non-bank insolvency (Q2 2022);
  • put forward a legislative initiative to lower tax-related costs for cross-border investors and prevent tax fraud, and explore additional ways to introduce a common, standardised, EU-wide system for withholding tax relief at the source (Q4 2022);
  • assess the effectiveness of national loan insolvency systems, analysing the possibility of making legal amendments to reporting frameworks (Q1 2021). This could lead to legal amendments in Q4 2022; and
  • assess the possibility of introducing an EU-wide, harmonised definition of “shareholder”, and clarify the rules governing the interaction between investors, intermediaries and issuers, as regards the exercise of voting rights and corporate action processing (Q3 2023).

Upcoming Spanish Initiatives to Be Considered by Banks

In addition to the amendments of existing regulations and the new regulatory requirements under European regulations described above, banks must monitor Spanish legislative initiatives. These include the following:

The Spanish Financial Transaction Tax Law

The Spanish financial transaction tax law will be applicable as of 15 January 2020.

Although the purchaser of the securities is the taxpayer, in general, the financial intermediary who transmits or executes the acquisition order is affected by the purchase. Therefore, banks will need to review their processes to ensure they identify the transactions and the clients subject to taxation. 

Implementation of the Fifth AML/CTF Directive

Banks will also be impacted by some of the new aspects regulated by the Directive 2018/843 of the European Parliament and of the Council of 30 May 2018, amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (Fifth AML/CTF Directive).

The implementation of the Fifth AML/CTF Directive in Spain is currently in the parliamentary phase, although the implementation deadline ended on 10 January 2020.

Obliged entities, including credit institutions, will need to consider both certain changes introduced by this Directive and the proposed amendments to Spanish Law 10/2010. Aspects subject to change include:

  • the definition of Person of Public Responsibility, now expanded to include persons with regional and local responsibility among political parties;
  • some requirements applicable to the verification of the client entity or electronic signature, adjusted to online identification processes;
  • the external expert, for which a stricter framework has been introduced; and
  • the registry of beneficial owners, which will depend on the Ministry of Justice and will be centralised by the Commercial Registry and the General Notary Council.

Implementation of Directive 2017/828 as regards the encouragement of long-term shareholder engagement (SRD II)

SRD II is designed to encourage long-term shareholders and enhance transparency between investors and companies. This Directive, in the process of being implemented in Spain, will affect banks because they often serve as intermediaries.

According to SRD II, intermediaries will be required, in some cases and upon request from a company, to provide the company with information regarding shareholder identity. SRD II also establishes the obligation of intermediaries to publish their applicable service rates on their websites, to facilitate the exercise or delegation of the rights of representation and voting.

Furthermore, SRD II imposes transparency obligations on institutional investors and asset managers, regarding the extent to which investments are made in shares traded on a regulated market.

A policy of SRD II requires entities to disclose shareholder engagement, describing how shareholder engagement is integrated into their investment strategy. This policy looks to disclose how an entity does the following:

  • monitors investee companies on relevant matters, including strategy, financial and non-financial performance and risk, capital structure, social and environmental impact and corporate governance;
  • conducts dialogues with investee companies;
  • exercises voting rights and other rights attached to shares;
  • cooperates with other shareholders
  • communicates with the relevant stakeholders of investee companies; and
  • manages actual and potential conflicts of interests in relation to their engagement.

Additionally, institutional investors and asset managers are required to publicly disclose, on an annual basis, how their engagement policy is implemented. This must include a general description of voting behaviour, an explanation of the most significant votes, and the use of proxy adviser services. Such disclosures may exclude votes that are insignificant due to the subject matter of the vote or the size of the holding in the company.

The proposed law regarding the encouragement of long-term shareholder engagement (which will implement SRD II) will enter into force 20 days following its publication in the Spanish Official State Gazette.

Requirements applicable to advertising banking and investment products and services

In 2020, banks will need to take into consideration updates to the rules governing the advertisement of banking and investment services and products. The Spanish rules, currently comprising the regulatory framework, are the following:

Bank of Spain Circular 4/2020 on advertising banking products and services (“Circular 4/2020”)

This Circular introduced several modifications to the previous advertising regime. For example, it now includes payment services and foreign entities that carry out commercial activities in Spanish territories though a branch, agent, or under the Freedom to Provide Services regime. It also extends the definition of advertising to that performed on the internet, mobile devices (banners, buttons and pop-ups), social media or direct advertising (letters, emails and coupons). 

Finally, it establishes the need to implement a commercial communications policy (to be approved by the management body), and create and maintain an internal registry of commercial activities.

Though most of the requirements are applicable from 15 October 2020, financial entities will need to create the internal registry six  months after the technical specifications are published by the Bank of Spain.

Proposed Circular from the CNMV Regarding Requirements for Advertising Investment Products and Services

The proposed Circular will enter into force three months after its publication in the Spanish Official State Gazette.

Overall, it is consistent with the definitions, message and format previously established in Circular 4/2020, continuing to set forth the obligation to maintain an internal registry. However, its scope varies in that it now applies to all products, services, and activities under CNMV supervision and to all entities supervised by the CNMV.


The regulatory framework is vast, complex, interconnected and ever-changing. This increases regulatory and reputational risk.

Consequently, banks must ensure that their internal control systems and governance frameworks are reviewed frequently and that synergies are in place to ensure the entity complies in an efficient, proportionate, and safe manner.


Calle Alcalá 85

(+34) 91 049 64 59
Author Business Card

Law and Practice


finReg360 advises both foreign and Spanish financial clients in the legal areas of security markets, banking, insurance, collective investments, private equity, AML/CTF and fintech. The firm assists leading financial organisations in adapting to regulations; ie, ESG, MiFID II, IDD, PSD2, AIFMD, MCD, GDPR, MAR and SFTR. It assists organisations in incorporating regulated investment firms, collective investment schemes and institutions, payment institutions, investment platforms, crowdfunding and private equity institutions. Additionally, the firm supports regulated entities through its Mystery Shopping and regulatory radar services. Recently, it launched finRegCampus: a platform providing online courses so that regulated entities can easily undertake periodic training in compliance with regulations such as MAR, AML, MiFID, etc. finReg60 boasts a team with proven experience in business and regulatory operational consulting of the financial industry, as well as a specialised tax team to provide advice on all types of tax matters.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.