Select Page

Cryptocurrencies have to comply with AML requirements in Spain

by | Identity Verification

Spain has updated its regulations for the cryptocurrency industry and the companies that provide services to it, aligning national regulations with European anti-money laundering and counter-terrorist financing dispositions.

On 28 April, the Council of Ministers published a Royal Decree-Law in the Official State Gazette for the transposition of the 5th European directive on the prevention of money laundering, better known as AMLD5. 

Europe at the forefront of anti-money laundering legislation

The European Union has been developing a legal framework to fight money laundering and identity fraud in digital environments for years, given the constant evolution of techniques used by cybercriminals to destabilise the security of financial systems.

The latest update of the AML directive placed the European Union at the forefront of data protection and security regulations, and its main pillar is the online verification of customers interacting with obliged parties.

Now, companies that want to continue providing services associated with cryptocurrencies in the country must be registered and supervised by the Spanish authorities, as they are included as new obliged parties.

Therefore, anyone providing these services to residents in Spain must be registered with the Banco de España, regardless of where they are located, as well as entities established in Spain and providing these services outside the national territory. 

Among the new obliged entities are:

  • providers of exchange services of virtual currency for fiat currency,
  • electronic wallet custodians
  • cryptocurrency investment funds.

The anonymity of users is now a thing of the past, as companies providing services within the cryptocurrency industry are obliged to identify new customers and to retain and update their information for a period of 10 years.

The due diligence measures of obliged entities shall also apply to existing customers.

What steps should be taken to verify the identity of cryptocurrency customers?

The due diligence measures that companies have to take when identifying their users are:

  • Verification of the customer’s identity by means of a legal identity document provided by the user.
  • Ensuring that the person carrying out the process is who they claim to be and is the person on the identity document provided.
  • Verification of identity through the document base, in order to avoid being blacklisted in terms of money laundering.

Data collected by cryptocurrency companies for the fulfilment of due diligence obligations may not be used for purposes other than those related to the prevention of money laundering and terrorist financing.

In addition, obliged entities will have to notify if any of their clients are carrying out suspicious activities for future investigation.

As an additional measure, this transposition of the fifth directive on money laundering has announced the creation of a single registry system that will include the data of the users of these services, which will be cross-referenced with registers in other European Union countries.


This registration system was approved together with the current European directive in 2018, being implemented in Spain later than planned in 2021.

Mobbeel solutions for the cryptocurrency industry

We know that all this can be a bit overwhelming for those companies that have not adapted to the regulations yet, but there is an opportunity to abandon unfriendly verification processes that force customers to take implausible photos that will also require a subsequent manual review, and to implement technology that focuses on user experience and allows certain verifications and parts of the process to be automated.

Discover our solutions for the cryptocurrency industry and meet all regulatory requirements.

If you are interested in our technology do not hesitate to contact us, and if you liked the article, share it and add value to your followers!