Jump Main Menu. Go directly to the main content

Menu Download annual report

Sección de idiomas

Fin de la sección de idiomas

You are in:

  1. Home
  2. Corporate governance
  3. Internal control and compliance

Report BFA - Bankia 2015 / Corporate governanceInternal control and compliance

Bankia has the necessary organisational structure and operating mechanisms in place to ensure the regulations governing its activity are complied with and it carries on its business in an appropriate manner.


Prevention of money laundering and the financing of terrorism

The Bankia Group actively collaborates with the authorities responsible for overseeing and controlling compliance with Spanish laws designed to prevent the laundering of money from illicit activities and the financing of terrorism, which faithfully transposes the European Union directives on the matter. In this regard, Bankia has established mandatory rules and procedures concerning:

  • Compliance with the rules in effect regarding prevention of money laundering and following the recommendations of domestic and international authorities.
  • Implementing appropriate rules of action and control and communication systems to prevent use of the bank for money laundering.
  • Establishing policies for the acceptance of customers and appropriate procedures for identification and knowledge of customers, guaranteeing that all employees know and observe them.

The Bankia Group has global policies on prevention of money laundering and the financing of terrorism that are binding on all group companies, their employees and collaborators. These policies are subject to ongoing review to adapt them to legislative changes in the area. In order to guarantee compliance, each subsidiary and each grouping with greater exposure to the risk of money laundering has its own manager and a specific manual on prevention policies and procedures.

Bankia has appropriate systems and controls for proper segmentation of customers, products and transactions, based on the risk profile, the detection of suspicious operations and proper identification, acceptance and knowledge of its customers. According to legislation, anti-money laundering procedures are examined annually by an independent expert to detect any possible incidents and, if necessary, propose improvements. The results of the examination are referred to the Board of Directors.

The group is aware that the best form of prevention is to inform and raise the awareness of its staff, and therefore places special importance on training, which is provided through the institution’s annual plans. In 2015, 611 group employees received training in this area.

Prevention of criminal risk

Bankia has a model of organisation, prevention, management and control of criminal risks that was approved by the Audit and Compliance Committee by delegation from the Board of Directors.

The Bankia criminal risk prevention model identifies the activities within the context of which the offenses to be prevented may be committed, as well as the necessary protocols and procedures to avoid behaviour that may result in criminal offenses. The model establishes implementation of controls (some of a general nature and other more specific ones assigned to previously appointed managers) and adopts the behaviour rules contained in the bank’s Code of Ethics and Conduct.

In addition, the model incorporates a system of actions including measures to draw employees’ attention to the importance of compliance with the controls and standards. In 2015, 10,560 group employees received training in this area.

The bank’s criminal prevention manager, appointed by the Board of Directors, is the Chief Compliance Officer. This manager is responsible for supervision and verification of the existence of measures and procedures to reduce the risk of commission of the offenses.

Marketing and communications policy

Bankia has a firm commitment to compliance with and application of the principles and standards regulating the advertising of banking institutions. Thus all advertisements issued by the bank respect the values of truth, objectivity, loyalty and honesty.

The commitment to respect of the indicated values is reflected in:

  1. The existence of a Policy for Commercial Communications with Customers, approved by the Board of Directors. It sets forth the mandatory criteria and standards for the process of creation and launch of the bank’s advertising.
  2. Bankia’s membership of Autocontrol, an independent association for advertising self-regulation.

Data protection and information security

Bankia has established a set of measures to guarantee appropriate application of the principles of and customer rights regarding data protection. The standards include instructions and provisions regarding the information that must be provided in data collection, the duty of secrecy and custody thereof, the need to obtain consent for processing thereof and the exercise of the rights of access, correction and erasure.

Information is one of the most important assets of Bankia. Therefore protection thereof is one of the priorities that must be met by persons processing Bankia information. The bank also has a legal and ethical obligation to guarantee, on the same terms, the information regarding its customers, collaborating entities and the competent governmental agencies.

Bankia directly assumes a very significant part of the responsibility for ensuring comprehensive security, as a financial institution serving those using its services. To that end, it has identified two broad areas of application: Information Security and Business Continuity Security.

Information Security protects Bankia information used to achieve its business objectives by way of application of the Bankia Information Security Rules, which are mandatory for all persons processing Bankia information.

The Business Continuity Policy establishes the capacity of the bank to respond to business interruptions or incidents, with the purpose of continuing operations, providing assurance to customers and complying with the legal and regulatory requirements regarding the matter.

Internal control

The Corporate Internal Audit Department is responsible for overseeing and assessing the effectiveness of the bank’s reporting, internal control, risk management and corporate governance systems. It is also charged with verifying compliance with internal and external regulations, regularly providing the bank’s Audit and Compliance Committee and Senior Management with progress reports on and the results of the Annual Auditor Plan, proposed recommendations and the degree of completion thereof.

This reporting obligation is fulfilled by presenting an Audit Update Report to the Audit and Compliance Committee and Management Committee every three months.

Internal Audit’s jurisdiction encompasses all of the group’s activities. It has unlimited access to the information needed to carry out its duties and to all of the bank’s premises. In the performance of its work, Internal Audit can contact and collect information from any director or employee in the organisation. The Corporate Internal Audit Department is also a member of and participates actively in several committees controlling the group’s activity, such as the Regulatory Compliance Committee, the Ethics and Conduct Committee, the Operational Risk Committee and the Anti-money Laundering Committee.


Bankia’s process map currently stipulates that Internal Audit’s work encompasses six processes:

  • Preparation of the Audit Plan.
  • Audits of centres in the comercial network.
  • Audits of processes, centres and systems.
  • Follow-up of recommendations.
  • Development of audit systems.

Tax policy

The promotion of responsible tax policy, the support for prevention and combat of fraud and the development of transparency programmes are principles ensuring sustainable and efficient development. There are key elements in promoting the confidence of the various stakeholders.

Bankia adopts specific measures for the management and control of tax risks, has implemented internal control systems and has approved policies governing the manner of acting to improve transparency, responsibility and good corporate governance in the corporate tax policy and tax risk management area.

It is the Board of Directors that determines the tax strategy, approves the risk (including tax risk) policy, supervises the internal reporting and control systems, approves investments that involve special tax risk, and approves the creation or acquisition of interests domiciled in tax havens. For its part, the Audit and Compliance Committee supervises the system for management of tax risks and reports to the Board on the creation or purchase of interests domiciled in countries or territories that are considered to be tax havens.

The tax principles governing Bankia’s business are as follows:

  • Transparency
    Bankia maintains a transparency policy regarding its tax management and payment of its taxes, thus complying with the regulatory requirements related to access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms.
  • Compliance with tax obligations
    Bankia at all times applies the tax regulations in effect in Spain, the territory within which it engages in all of its business, as well as the pertinent international guides and standards, e.g. the guidelines and action plans of the Organisation for Economic Cooperation and Development (OECD). Bankia files the tax returns required by the tax regulations, makes the corresponding self-assessments and pays its tax debts in Spain on a timely basis.
  • Exposure to tax risk
    When analysing transactions with special tax risk, Bankia takes account of the short and long-term impact, corporate reputation for shareholders and customers, the relationship with governments and tax authorities, and other areas of the organisation.

The Board of Directors must approve the following transactions

  • Transactions between related entities
    Transactions between related entities are always carried out at market value.
  • Tax havens
    Bankia does not operate in tax havens for the purpose of evading its tax obligations.
  • Structures
    Bankia does not use artificial tax structures aimed at tax evasion that are not in compliance with the spirit of local or international regulations.
  • Company divestitures
    Bankia diligently analyses the tax implications deriving from processes of divestiture in which it is involved, in order to clarify any kind of tax risk.
  • Use of tax incentives
    Bankia applies the tax incentives established by the regulations.
  • Relationship with authorities and governments
    Bankia uses transparent and ethical channels of communication, both with tax authorities and with other public institutions and agencies. The relationships that Bankia maintains with public agencies are always guided by the principles of transparency, mutual confidence, good faith and loyalty between the parties.
  • External tax advisers
    Bankia engages the services of independent experts of proven reputation. In no case does it engage persons or entities of dubious repute.
  • Products marketed
    The products marketed by Bankia that have potential tax advantages are in compliance with applicable tax regulations. The tax information provided to customers is transparent.
    On 1 January 2016 the regulations related to automatic exchange of financial information (the Common Reporting Standard) entered into effect.
    Bankia collects information on the countries of tax residence and tax identification numbers of the holders of accounts affected by the regulations. This information is periodically reported to tax authorities, which will exchange this information with the authorities of the other signatory countries.

Information systems

The BFA-Bankia Group is immersed in a major transformation project: the redesign of its information systems. The project affects the entire organisation since it covers all corporate information of a regulatory, analytical and commercial nature and that related with risks.


Employees receiving cyber security awareness training

The goal is to move towards an information governance model that is on a par with the highest standards in the market and complies with RDA rules defined in the regulation on risks stemming from the demands of the Basel Committee on Banking Supervision.

The project has three lines of action:

  • Organise information through a single repository and common vocabulary.
  • Optimise information provision and standardise and introduce more flexible mechanisms for using information.
  • Roll out an information quality control and governance model, creating the post of Chief Data Officer.