Bank of Spain Crypto Regulation: A 2024 Compliance Guide

The Spanish financial landscape is evolving rapidly, particularly concerning cryptocurrency and Virtual Asset Service Providers (VASPs). The Bank of Spain (Banco de España) has been steadily implementing stricter regulations to ensure consumer protection, prevent money laundering, and maintain financial stability. This guide provides a comprehensive overview of the bank of spain crypto regulation, focusing on the key requirements for TDLC registration and VASP compliance in 2024.

Key Takeaway 1: The Bank of Spain requires all crypto asset service providers operating in Spain to register with the Central Register of Virtual Asset Service Providers (Registro de Prestadores de Servicios de Activos Virtuales – TDLC).

Key Takeaway 2: Registration involves a thorough vetting process, including demonstrating compliance with AML/CFT regulations, cybersecurity standards, and operational resilience.

Key Takeaway 3: Failure to register and operate without authorization can result in significant fines and legal consequences.

Key Takeaway 4: Ongoing compliance is crucial, requiring regular reporting, updates to security protocols, and adherence to evolving regulatory guidance.

Understanding the TDLC Registration Process

The Registro de Prestadores de Servicios de Activos Virtuales (TDLC) – or Central Register of Virtual Asset Service Providers – is the cornerstone of the bank of spain crypto regulation. It was established in February 2024, following the implementation of Law 3/2022, of January 14, regulating the marketing of crypto assets. Any entity offering services involving crypto assets in Spain must obtain authorization from the Bank of Spain and be registered in the TDLC. This includes exchanges, custodians, wallet providers, and any other business facilitating transactions with crypto assets.

The registration process is rigorous and requires extensive documentation. Applicants must demonstrate:

• Financial Solvency: Proof of sufficient capital to operate and cover potential liabilities. The minimum capital requirement is €125,000.
• Robust AML/CFT Policies: Comprehensive anti-money laundering and counter-terrorism financing procedures, aligned with the latest EU regulations.
• Cybersecurity Measures: Implementation of strong cybersecurity protocols to protect user funds and data.
• Operational Resilience: Plans to ensure business continuity in the event of disruptions.
• Good Reputation: Evidence of a clean business record and the integrity of management.

As of May 2024, over 60 companies have registered with the TDLC, but many more applications are still under review. The Bank of Spain is taking a cautious approach, prioritizing thorough vetting to protect the financial system.

What Constitutes a Virtual Asset Service Provider (VASP)?

Determining whether your business falls under the definition of a VASP is the first step towards VASP compliance. The law defines VASPs broadly, encompassing any entity that provides one or more of the following services:

• Custody of virtual assets
• Exchange between virtual assets and fiat currencies (e.g., Euros)
• Exchange between different virtual assets
• Transfer of virtual assets
• Participation in the operation of a trading platform for virtual assets

Even if your business only offers one of these services, you are considered a VASP and subject to the bank of spain crypto regulation. For example, a platform solely focused on facilitating peer-to-peer crypto trades would still be classified as a VASP and require TDLC registration.

Key AML/CFT Requirements for VASPs

Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) compliance is paramount. VASPs must implement comprehensive programs that include:

• Customer Due Diligence (CDD): Verifying the identity of customers and understanding the nature of their transactions.
• Transaction Monitoring: Monitoring transactions for suspicious activity and reporting any concerns to the relevant authorities.
• Reporting Obligations: Submitting Suspicious Activity Reports (SARs) to the Spanish Financial Intelligence Unit (FIU).
• Record Keeping: Maintaining detailed records of all transactions and customer information.

The Bank of Spain expects VASPs to go beyond basic compliance and implement risk-based approaches tailored to their specific business models. Utilizing advanced identity verification solutions, like those offered by Didit, can significantly streamline CDD processes and enhance AML/CFT effectiveness.

The Impact of Law 3/2022 and Future Outlook

Law 3/2022 has fundamentally reshaped the crypto landscape in Spain. It provides a clear legal framework for the regulation of crypto assets and empowers the Bank of Spain to oversee the industry. Looking ahead, we can expect the following:

• Increased Enforcement: The Bank of Spain is actively monitoring the market and taking enforcement action against non-compliant entities.
• Harmonization with EU Regulations: Spain will continue to align its crypto regulations with broader EU initiatives, such as MiCA (Markets in Crypto-Assets).
• Technological Advancements: The Bank of Spain is likely to explore the use of innovative technologies, such as blockchain analytics, to enhance AML/CFT supervision.

How Didit Helps

Didit offers a comprehensive suite of identity verification and compliance tools to help VASPs navigate the complexities of the bank of spain crypto regulation. Our solutions include:

• ID Verification: Automated verification of government-issued IDs from 220+ countries.
• AML Screening: Real-time screening against global sanctions lists and PEP databases.
• Liveness Detection: Robust liveness checks to prevent fraud and ensure user authenticity.
• Workflow Orchestration: Customizable workflows to automate compliance processes.
• Reusable KYC: Allow users to securely share their verified identity across platforms.

By leveraging Didit's platform, VASPs can streamline their compliance efforts, reduce costs, and focus on growing their businesses.

Ready to Get Started?

Staying ahead of the curve in the evolving crypto regulatory landscape is critical. Don't risk non-compliance and potential penalties. Contact Didit today for a demo and learn how our solutions can help you meet the bank of spain crypto regulation requirements. You can also explore our pricing plans and request a personalized demo.