Regulatory Compliance
Identification and measurement of process risks
The Bank must achieve its business objectives while complying not only with regulations, but also with the best international and national practices and standards required of its operations. For this reason, compliance constitutes for Bankinter not only a legal obligation but also an ethical commitment to society as a whole.
This commitment also serves as an opportunity for reflection for Bankinter as a leading institution adapted to the new reality of the finance industry, which is subject to the need to change relationships with customers and adjust the bank's business model to reflect new financial consumption habits and multiple reporting requirements.
The purpose of the compliance function is to advise and provide guidelines to the business lines that help define the strategy, ensuring compliance with applicable regulations at all times. With this purpose, all Regulatory Compliance areas go to great lengths to train commercial staff.
Institutional framework
The Regulatory Compliance area, which is part of the Regulatory Compliance Department, reports to the Risk and Compliance Committee of the Board of Directors and is part of Bankinter's administrative structure through the Corporate Control and Compliance Department, which supervises its activity. This area has responsibilities of a global scope, of a corporate nature and aimed at providing the necessary support to Bankinter's governing bodies.
The risk control culture is deeply rooted in the organisation. Driven by the strong involvement of the Board and Senior Management, it is transmitted to the business units with agility and efficiency through this corporate structure, the systems and tools configured from the outset to ensure compliance with the rules and prevent undesirable behaviour. This strategy is reinforced by an incentives policy consistent with the Bank's risk appetite, with continuous and mandatory training for the entire workforce, and a stronger and more effective Whistleblowing Channel.
In 2024, the risk measurement methodology in this area was applied at the corporate level and was monitored using a tool common to all areas that make up the second line of defence. Similarly, during the year, a project was developed to implement a corporate taxonomy of the bank's processes, which aims to strengthen the three-line defence model and the identification and measurement of the main process risks, as well as to strengthen the bank's governance.
Basic areas
With this institutional and regulatory framework, the bank developed in 2024 the basic Regulatory Compliance areas of the second line of defence, which is organised into the following units:
- Control and advice on banking transparency and products, investment services, market abuse, Internal Code of Conduct and conflicts of interest. Responsible for risk management and for providing advice to the governing bodies on matters related to the supervision and control of compliance with rules of conduct in the provision of investment, banking and insurance services, as well as on conduct in the securities market and the prevention of market abuse.
- Prevention of money laundering and terrorist financing. Ensures compliance with the policies and procedures adopted by the bank in order to guarantee adequate coverage of existing risks, through the application of a risk assessment framework and the promotion of measures for their mitigation, and advises the governing bodies regarding the supervision and control of compliance with internal and external regulations in this area.
These units participate in the Regulatory Compliance Committee, the Product and Operational Risk Committee, the Internal Control Body and the Agent Acceptance Committee.
Furthermore, the Money Laundering Prevention Area is responsible for ensuring compliance with the policies and procedures adopted by the bank in the area of prevention of money laundering and terrorist financing (AML/CFT).
Preventing these practices is a strategic objective for Bankinter Group and an ethical commitment to society at large, in compliance with international standards and best practices in this area. In line with this objective, during 2024 Bankinter and its subsidiaries continued to develop the control measures required to comply with regulations and updated the risk appetite framework and map, as well as the corresponding IT tools.
The AML/CFT Policies and Procedures Manual and all associated procedures were also amended to streamline and structure them, incorporating the supervisor's proposals and taking into account regulatory changes.
Work also continued on the Action Plan approved for the year to comply with the recommendations of the external expert and the supervisory authority on this area. As a general rule, all of the Bank's employees receive mandatory training on matters related to AML every year. By the end of 2024, 8,773 participants had completed 6,749 hours of training in this field, an increase of 27% and 37%, respectively, when compared to 2023.
Regulatory agenda
Bankinter has assigned the role of identifying and reporting regulatory changes to the Regulation area, which reports to the Office of the General Secretary. As such, it facilitates the early detection of potential impacts of regulatory changes, thereby reducing their risks. In this regard, it annually prepares a three-year map that serves as a basis for defining the regulatory strategy. In addition, the regulatory changes during 2024 were managed with an end-to-end approach, participating in several projects that required the adaptation of the bank's activities or processes from the start.
The regulatory agenda in Europe was marked by the parliamentary elections in June 2024, which led to a slowdown in regulatory processing. During the year, it is worth highlighting the publication of the regulation establishing the European digital identity framework (eIDAS2). Similarly, the legislative package on the Prevention of Money Laundering and Financing of Terrorism and the regulation on immediate payments were published.
Also noteworthy is the preparatory work for the implementation of the Digital Operational Resilience Regulation (DORA), which will strengthen the security framework for the financial sector, as well as for the Corporate Sustainability Reporting Directive (CSRD), which will entail an increase in the information to be reported on this matter from 2025.
At the national level, the Spanish legislator and supervisors focused on the protection of retail consumers and investors. The following projects stand out:
- Law 11/2023, which transposes Directive (EU) 2019/882. The project aims to ensure the accessibility of banking products and services for people with disabilities.
- Proposal for the creation of the Independent Administrative Authority for Financial Customer Protection, which will replace the current customer service departments of Banco de España, the CNMV and the General Department of Insurance.
- Effective transposition of Directive 2023/2225 on Consumer Credit Contracts. This regulation is expanded to include protected products in its scope and strengthens the protection measures for customers who apply for credit.
The success of these projects is crucial not only to meet regulatory requirements and mitigate reputational risks, but also to maintain the trust of customers and supervisors.
Outlook
Three major areas of work are anticipated on the regulatory horizon. The first priority for legislators is sustainable finance. The most relevant milestone will be the transposition of the Corporate Sustainability Reporting Directive (CSRD) into the Spanish legal system.
A second point of focus is the Capital Markets Union. In this context, the two most important initiatives are the regulatory packages of the Retail Investment Strategy (MiFID III) and the compensation package (Clearing Act). These are highly significant initiatives because they have the potential to transform the business model and internal processes. For this reason, their progress is monitored to anticipate their impact and repercussions in the coming years.
The third focus will be digital finance. In this area, it is also worth noting the implementation of the retail payments and data access package (PSD3, PSR and FIDA). It aims to improve internal processes to reduce fraud and foster innovation in the financial sector by allowing consumers and SMEs to authorise third parties to access and use their financial data, similar to the information sharing provisions of open banking under PSD2.
A joint analysis of the announced initiatives shows that the legislators are firmly committed to strengthening customer protection, ensuring financial stability and improving the competitiveness of European financial markets in a sustainable manner.