Recent key developments in the area of Spanish financial regulation
Prepared by the Regulation and Research Department of the Spanish Confederation of Savings Banks (CECA)
Royal Decree-law on payment services and other urgent financial matters (Spanish Royal Decree-Law 19/2018, published in the Official State Journal on November 24th, 2018)
Royal Decree-law 19/2018 partially transposes Directive (EU) 2015/2366 (PSD2) and introduces changes to several financial regulations to adapt them for the provisions stipulated in this new piece of legislation and other European regulations. It took effect the day after its publications, with the exception of certain provisions, which will take effect later. This Royal Decree-law has the effect of repealing Spain’s payment services act.
The most significant aspects in relation to payment services are:
  • The regulation of payment initiation and account information services. Both services imply third-party access to the accounts of payment service users.
  • Contracts already entered into will remain valid, without prejudice to the application of provisions that are more favourable for consumers and micro-enterprises.
  • Under certain circumstances, such as when the user is neither a consumer nor a micro-enterprise, the parties may agree not to apply certain provisions regarding transparency, information, rights and obligations.
  • The establishment of the requirements applicable in the area of transparency and information vis-a-vis payment service users and the regulation of the termination of framework contracts and changes in their conditions.
  • Specification of the rights and obligations in relation to the provision and use of payment services, notable among which: (i) the delimitation of payment transaction authorisation; consent to execute and withdrawal of consent and confirmation of the availability of funds; (ii) fine-tuning of the treatment and transfer of data to align with the General Data Protection Regulation (GDPR); and, (iii) the requirement that payment service providers establish a framework with mitigation measures and control mechanisms to manage the operational and security risks as well as a customer attention service for the management of user incidents.
Among the changes implied for other pieces of legislation, the following stand out:
  • Spanish law has been adapted for the Regulation on money market funds by amending Spanish Law 35/2003 on Collective Investment Undertakings.
  • Spanish Law 10/2014 on the regulation, supervision and solvency of credit institutions has been amended to: (i) clarify the treatment of the Spanish branches of institutions of another Member State; (ii) ensure the adequate exchange of information between the Bank of Spain and the competent authorities; (iii) adapt the penalty regime for payment service activities; and, (iv) set up a channel for reporting infractions to the Bank of Spain.
  • Spanish Law 11/2015 on the restructuring and resolution of credit institutions and investment service firms empowers the Fund for Orderly Bank Restructuring (FROB for its acronym in Spanish) to collect ordinary contributions from the Spanish branches of entities domiciled outside of the EU and clarifies its powers as the competent bank resolution authority.
  • Spain’s Corporate Enterprises Act has been amended to exonerate banks from having to apply the right of separation of a shareholder in the event of not paying a dividend. The idea is to guarantee the ability to protect these entities’ solvency.
  • The measures contemplated in the regulations on indices used as benchmark, market abuse, packaged retail and insurance-based investment products (PRIIPs) and securities financing transactions have been added to the Securities Market Act. Among other things, the penalty regime has been adapted and the CNMV, Spain’s securities market regulator, has been designated as the competent authority. Lastly, changes have been made to the client suitability assessment to factor in the requirement to be knowledgeable about their investment experience.
Organic Law on Data Protection and Digital Rights (Spanish Organic Law 3/2018, published in the Official State Journal on December 6th, 2018) Organic Law 3/2018, of December 5th, 2018, on the protection of personal data and guarantee of digital rights adapts Spanish legislation for the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016, (GDPR) and ensures its citizens’ digital rights. It took effect the day after its publication. The following aspects of the new regulation are worth highlighting:
  • It implements the data subject right of access and rights to rectification, erasure, restriction of processing, portability and object.
  • The tacit consent concept has been eliminated; data subjects must provide explicit, affirmative consent. To give consent, data subjects must be aged 14 or over.
  • As for the handling of data of deceased persons, their heirs can request access to or the rectification or erasure of their data, unless expressly prohibited from doing so by the deceased person; executors can also follow the deceased person’s instructions in this respect.
  • The regulation continues to ban the storage of special categories of data, such as data related to data subjects’ ideology, union affiliations, religion, sexual orientation, etc.
  • The principle of transparent data processing has been added such that subjects are entitled to be informed as to how their data is to be handled.
  • Data controllers are newly required to inform the data subject of the channels they may use to exercise their rights. In addition, data controllers and processors are bound by a confidentiality duty that will complement their professional secrecy obligation, and they must assess the risk of personal data processing upfront. The figure of the data protection officer has been reinforced.
  • As for the specific processing of data, the processing of personal data in connection with the breach of money, financial or credit obligations by common credit reporting systems shall be deemed licit, barring evidence to the contrary, when certain requirements are met.
  • The regulation establishes the instances requiring prior authorisation (transfer of personal data to international countries or organisations) and those requiring prior notification. The Spanish Data Protection Agency and the regional authorities may adopt standard contractual clauses and binding corporate rules for the international transfer of data.
  • It stipulates the procedures to be followed in the event of violation of data protection regulations and the applicable penalty regime, as prescribed in the GDPR.
  • Lastly, it regulates citizens’ digital rights and freedoms, such as the neutrality of the Internet, universal access to the Internet, the rights to security and digital education, the right to be forgotten, to data portability, to leave a digital will and to disconnect outside working hours and the protection of minors online.
Royal Decree-law on macroprudential tools (Spanish Royal Decree-law 22/2018, published in the Official State Journal on December 18th, 2018)
Royal Decree-law 22/2018 embodies the recommendations and requirements formulated by various international authorities and organisations, including the IMF, the ESRB and the FSB, regarding the establishment of macroprudential tools. It took effect the day after its publication. This Royal Decree-law has the effect of amending the following pieces of legislation:
  • Spanish Law 35/2003 on Collective Investment Undertakings (CIUs or UCITs) and Spanish Law 22/2014 regulating private equity firms, other closed-end collective investment undertakings and the management companies of closed-end collective investment undertakings, in turn amending the above Law 35/2003, have been amended to empower Spain’s securities market supervisor, the CNMV, to take measures designed to reinforce the liquidity of CIU portfolios and the entities under their management and, specifically, to increase the percentage of assets that must be invested in particularly liquid assets.
  • Spanish Law 10/2014 on the regulation, supervision and solvency of credit institutions has been amended to expand the macroprudential tools available to the Bank of Spain, empowering the latter to:
  • Require the endowment of a countercyclical capital buffer in respect of all the exposures of the entity or group or their exposures in a given sector.
  • Limit the credit institutions’ exposure to specific sectors of the economy when they reach levels considered a source of systemic risk.
  • Establish limits and conditions for the granting of loans and the acquisition of fixed-income securities and derivatives by credit institutions in operations with the private sector in Spain.
  • Spanish Law 20/2015 on the regulation, supervision and solvency of insurance and reinsurance entities has been amended to empower the insurance sector supervisor, the DGSFP, to impose limits on the aggregate exposures of insurance and reinsurance entities to a specific sector or class of assets. It also empowers the regulator to set conditions for the transfer of insurance risks and portfolios by these entities.
  • Lastly, the consolidated text of the Spanish Securities Market Act has been amended to empower the CNMV to impose limits on certain activities carried out by the entities under its supervision in order to prevent the build-up of leverage in the private sector that could jeopardise financial stability.
CNMV Circular amending several circulars regulating the public and regular information reported by CIUs, accounting standards and the
annual financial statements and the confidential statements of private equity firms, CIUs and private equity managers and the Spanish branches of European managers (Circular 5/2018, published in the Official State Journal on December 26th, 2018)
The aim of this Circular, set to take effect on June 30th, 2019, is to enhance the CNMV’s oversight practices. The following Circulars have been amended to this end:
  • CNMV Circular 7/2008 on the accounting rules, annual financial statements and confidential financial statements of investment service firms, CIU management companies and private equity management companies: the companies that manage closed-end collective investment undertakings must now submit their separate annual financial statements before June 30th of the following year. Several parts of the income statement have also been modified.
  • CNMV Circular 11/2008 on the accounting rules, annual financial statements and confidential financial statements of private equity firms: the documentation to be submitted to the CNMV must be sent using electronic channels and the appendix covering the statistical and operational information to be reported by private equity firms has been modified.
  • CNMV Circular 4/2008 on the contents of the quarterly, six-monthly and annual reports published by CIUs and the position statement: two notes have been added for clarification purposes regarding remuneration policies and securities financing transactions, the reuse of collateral and total return swaps in relation to the information reported by real estate investment funds. The reporting template for investment funds has also been replaced.
  • CNMV Circular 1/2010 on the confidential financial statements of investment service firms: an additional rule has been added with a view to gathering confidential information about the activities performed and the company and contact data for European Community managers operating in Spain through branches.
Royal Decree implementing the consolidated text of the Securities Market Act, amending other securities market decrees (Spanish Royal Decree 1464/2018, published in the Official State Journal on December 28th, 2018)
Royal Decree 1464/2018 finalises the transposition of Directive 2014/65/EU (MiFID II) into Spanish law and rounds out the regulatory implementation of Royal Decree-law 21/2017 and the consolidated text of the Spanish Securities Act, enacted via Royal Decree-law 14/2018. It became effective 20 days after its publication.
This Royal Decree implements several aspects of the investor protection features of the Directive on markets in financial instruments (MiFID II) with respect to financial products, the organisational requirements of regulated markets, the organisation and corporate governance of investment service firms and securities market security and efficiency.
As for the legal regime governing regulated markets, the Royal Decree details, among other things, the authorisation regime, the governing bodies, the management of member conflicts of interest and the admission to trading of financial instruments.
As for commodity derivatives, it outlines the maximum size of net positions in these derivatives and the corresponding oversight regime. In addition, it regulates the notification of positions, emission allowances and derivatives on emission allowances.
It regulates the figure of data reporting service provider, outlining the terms and conditions applicable to the Approved Publication Arrangements (APAs), the Consolidated Tape Providers (CTPs) and the Approved Reporting Mechanisms (ARMs).
It has the effect of amending the following regulations:
  • Spanish Royal Decree 948/2001, on investor indemnification systems. The consolidated text of the Securities Market Act has been amended as a result of the modifications introduced via Royal Decree-law 14/2018.
  • The Regulation implementing Law 35/2003, on collective investment undertakings, approved by Royal Decree 1082/2012: amended to reflect the MiFID II provisions regarding the fees that can be charged for financial research services.
  • The scope of application of Royal Decree 1310/2005 (which partially implemented the Securities Market Act) on the admission to trading of securities on official secondary exchanges and the prospectuses required to this end has been amended to eliminate the references to public offerings or the subscription of financial agreements for the shares of the former cajas or savings banks and of the Spanish Confederation of Savings Banks (CECA).
  • The changes made to Royal Decree 217/2008, on the legal regime governing investment service firms and other entities that provide investment services notably include the following:
  • Implementation of the legal regime governing investment service firms (authorisation, activity, organisational and corporate governance requirements, customer asset protection, cross-border operations, product oversight and control, incentives and information obligations vis-a-vis existing and prospective clients, etc.).
  • Implementation of aspects relating to the inducement and retrocession regime in the provision of non-independent advice, independent advice and research by a third party.
  • Establishment of the information that must be provided to existing and prospective clients in relation to the entity that is to provide the investment services, client categorisation, investment products and related costs and charges.
  • Investment service providers that designate agents are banned from establishing tiered remuneration schemes tied to multi-level sales targets to reduce the risk of mis-selling.
  • To safeguard client assets, investment service providers must enter into agreements with third parties providing for the arrangement of the transfer of custodied financial instruments in the event that they encounter financial difficulties.
  • Establishment of new control measures and procedures for authorising the use of clients’ financial instruments (e.g., express, signed consent from the client).
  • Introduction of product supervision and control obligations for investment service firms that produce financial instruments and the corresponding obligations for investment product and service distributors.
  • Investment service firms must designate a single person responsible for the firms’ compliance with their obligations in respect of the safe-guarding of their clients’ financial instruments and funds.    
  • Lastly, Royal Decree 878/2015 on the clearance, settlement and record-keeping of marketable securities represented via book entries has been adapted to reflect the novelties introduced by MiFID II with respect to trading venues.
Bank of Spain Circular amending the Accounting Circular and the Risk Information Register Circular (Circular 2/2018, published in the Official State Journal on December 28th, 2018)
The purpose of this Circular is to adapt the accounting regime applicable to Spanish banks to accommodate the changes deriving from the adoption of IFRS 16 – Leases. It took effect on January 1st, 2019, except for certain provisions that took effect on December 31st, 2018.
The changes in the Accounting Circular relate mainly to the following aspects:
  • The lease accounting treatment has been adapted to reflect the criteria set down in IFRS 16. As a result, lessees will no longer distinguish between operating and finance leases but will rather recognise all leases on their balance sheets, specifically recognising a lease liability and the corresponding right-of-use asset. However, lease agreements with an initial term of 12 months or less and leases of low value may continue to be treated in the same manner as operating leases had been accounted for (lease expense recognised in the income statement on a straight-line basis over the term of the lease or using whatever accrual criterion is most representative of the use of the economic benefits of the leased asset). Lessors, meanwhile, will continue to distinguish between operating and finance leases.
The accounting treatment of sale-and-leaseback arrangements has been adapted for the new lease accounting framework.
  • The public balance sheet templates (separate and consolidated), the rules for the preparation of public balance sheets and income statements and the associated required notes disclosures have been modified accordingly. Certain adjustments have also been made to the confidential separate and consolidated statement templates.
  • Annex 9 has been modified to stipulate that the transactions included in a special debt sustainability agreement that do not yet have to be reclassified as non-performing be identified as refinancing, refinanced or restructured transactions. These new criteria will not apply to transactions performed before effectiveness of the Circular, applying only to those agreed by the banks from January 1st, 2019.
  • As for the first-time application of the new lease accounting criteria, entities have the choice of applying the new standard via full retrospective restatement or availing of a modified retrospective approach with transition relief. Lessees will not have to make any restatements as at January 1st, 2019. 
The modifications made to the Risk Information Register Circular are designed to remedy errors and introduce clarifications and improvements identified during its application, paving the way for a better fit with the information required under the AnaCredit Regulation.
Law amending the Spanish Code of Commerce, the consolidated text of the Corporate Enterprises Act enacted via Royal-Legislative Decree 1/2010 and the Audit Act (Law 22/2015) in respect of non-financial and diversity disclosures (Spanish Law 11/2018, published in the Official State Journal on December 29th, 2018)
This law, which took effect the day after its publication, transposes Directive 2014/95/EU of the European Parliament and of the Council, of October 22nd, 2014, amending Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large undertakings and groups. To this end, a number of regulations have been modified, notable among which:
  • The Code of Commerce: adding the obligation on the part of companies required to issue consolidated financial statements to include in their management reports a consolidated non-financial statement when the following circumstances are met: (i) the average number of people employed by the group companies during the year was over 500; and, (ii) they are either considered public interest entities; or during two consecutive years met, at each year-end, at least two of the following circumstances:
  • Total consolidated assets of over 20 million euros.
  • Consolidated annual revenue of over 40 million euros.
  • An average headcount during the year of more than 250 employees.
This new non-financial statement must include the information necessary for an understanding of the group’s development, performance, position and of the impact of its activity relating to, environmental and social matters, among others. The statement may also be included in a separate report.
  • Consolidated text of Spain’s Corporate Enterprises Act, enacted via Royal-Legislative Decree 1/2010: the changes made introduce the obligation that the enterprises so required include a non-financial report in their management reports or draw up a separate report, insofar as the requirements stipulated in the Code of Commerce are met.

    Elsewhere, the required contents of the annual corporate governance report have been modified to include a description of the diversity policy applied in relation to the board of directors and the requirement, should an entity not have one, to provide a reasoned explanation as to why not.

    A number of changes have also been made that affect the timing and form of dividend payments, the right of shareholder separation in the event of no dividend payments and the manner in which monetary equity contribution are certified.
  • Spain’s Auditing Act (Law 22/2015): the amendments made to this act specify the role of the auditor in relation to the non-financial statement and the diversity-related disclosures included by listed companies in their annual corporate governance reports.
  • Spanish Law 35/2003 on Collective Investment Undertakings: changes have been made regarding the information that must be made available to unitholders and shareholders via the corporate website of the investment company or the management company, itemising with respect to the penalty regime, the amounts of the fines, how they will be publicly disclosed and how they will be enforced. Other changes include the addition of the possibility of having a broker intervene between the management company and the marketing entity in sales and marketing activities and the introduction of the requirement that management companies set up internal whistle-blowing channels for their employees.
Three years after effectiveness of this new law, all enterprises with over 250 employees (i) considered Public Interest Entities (except for those qualifying as small- and medium-sized enterprises), or (ii) those that, for two years in a row, as at each year-end, report total assets of over 20 million euros and/or total annual revenue of over 40 million euros, will be obliged to present the consolidated non-financial statement.