Jump Main Menu. Go directly to the main content

  1. Responsible banking
  2. Good banking practices

Good banking practices

Start of main content

Bankia has internal control and risk management systems to ensure compliance with applicable standards and good banking practices.

Criminal risk prevention

Bankia has a best-practice criminal risk prevention model that allows it to identify activities that must be prevented and implement protocols and procedures to prevent conduct liable to result in the commission of criminal offences, while ensuring compliance with the bank’s Code of Ethics and Conduct.

The model is based on identifying criminal risks in the bank’s activity and putting in place and regularly executing both general and specific controls, using software applications to detect any circumstances that might entail a heightened risk.


Prevention of money laundering and the financing of terrorism

Bankia’s Anti-Money Laundering and Financing of Terrorism (AMLFT) Directorate is responsible for proposing and developing internal AMLFT regulations and the application of international financial sanctions and countermeasures in the bank, in accordance with current legislation, as well as for carrying out checks to ensure compliance.

Following the risk-based approach stipulated in Law 10/2010, this directorate establishes, applies and maintains procedures for preventing and detecting money laundering and the financing of terrorism, together with mechanisms for the correct application of international financial sanctions and countermeasures, proposing measures to correct and minimise any risk of non-compliance.

It also adapts and revises screening tools and the risk-based approach (RBA) for assigning risk to customers and analyses operational alerts and alerts relating to the acceptance or monitoring of customers liable to be related to money laundering and the financing of terrorism.

In addition, as provided for in Law 10/2010, the AMLFT Directorate has one of the main market tools for generating and managing alerts, whose parameterisation is reviewed periodically and adapted to relevant money laundering risks.

At the same time, a series of ‘dynamic scenarios’ has been developed and implemented to facilitate alert detection and analysis.


Given Bankia’s commitment to the prevention of money laundering and financing of terrorism and in the knowledge that this is a task that concerns the entire bank, the AMLFT Directorate is divided into three units, based on business type (retail or wholesale) and operational specialisation (UFICs), so as to provide better assistance and support to the network. The aim is to perform the aforementioned general tasks while providing specialised assistance for each area.

The main obligations of each area are as follows:


  • Support, monitor and control the business of the retail branches.
  • Report the regulatorily required information to the supervisor, along with the monthly transactions report and the account holders file.
  • Train and sensitise front-line staff in anti-money laundering and antiterrorist financing matters.


  • Support, monitor and control the business of the Private Banking, Corporate Banking and Corporate Banking centres, banking correspondents and the agency network.
  • Foreign trade transactions.
  • Real estate transactions and divestments.


  • Operational and strategic analysis of risk groups.
  • Financing of terrorism: alerts, cases and models.

At national level, the EU's Fifth Money Laundering Directive is due to be transposed during 2020, amending the current Law 10/2010 and its implementing regulation (Royal Decree 302/2014), which does not yet include the new provisions of the Fourth Directive (transposed on 31 August 2018 by Royal Decree-Law 11/2018).

At European level, on 16 April 2019 the European Parliament adopted new rules to strengthen the systems of financial supervision, giving the European Banking Authority (EBA) greater powers to combat money laundering and the financing of terrorism.

Prevention of market abuse

Following the entry into force of the European Market Abuse Regulation (Regulation (EU) No 596/2014 of 16 April 2014) and its implementing regulations, the bank took steps to comply with the resulting new obligations and requirements, so as to strengthen
market integrity and comply with the implementation and supervision mechanisms at the European level.

Employee tools and training were adjusted to foster a culture of detection and prevention of suspected market abuse and adapt to changes in the Penal Code.

New standards for
investment services

In 2019, Bankia worked to consolidate its model for the distribution of investment products, while preserving the MiFID II goal of providing the greatest possible customer protection. To that end, employees receive continuous training, senior management are involved in the launch of new products and the monitoring of marketing activities, and automatic controls have been established in the bank’s various investment channels and services to ensure that products are sold only if they are appropriate to the customer profile. Customer communication procedures have also been strengthened, giving greater transparency, and portfolio management has been made accessible through the Bankia Gestión Experta service.

Regulation of home loan agreements

Since the beginning of 2019, Bankia’s Regulatory Compliance Directorate has been working with the other units concerned on a project to regulate home loan agreements at the enterprise level. The ultimate purpose of such regulation is to provide more robust guarantees for borrowers in the lending process and so avoid loan enforcement actions and the consequent loss of the home.

Internal audit and control

During 2019, in line with the digital transformation currently under way in the bank, the Internal Audit Corporate Directorate carried out various initiatives to improve information gathering, increase the volume of checks carried out and develop more efficient information systems.


Information systems

Bankia’s goal in this area is to optimise data use to generate value on the basis of sound ethical and privacy principles. To achieve this, the bank has implemented a sustainable data quality and data governance model and has built a single, well governed information system that meets most of the information needs of internal users and the supervisor.

The challenge is to make Bankia a data-driven organisation in which data is a strategic asset and all decisions are founded on data, with a transparent, collaborative culture and the highest standards of security, privacy and ethics in management.

Tax policy

Fostering responsible tax management is key to Bankia’s financial activity, with the creation of tools to prevent and combat fraud and the implementation of tax transparency programmes.

The Board of Directors defines the bank’s tax strategy. It is responsible for approving any presence in territories considered tax havens and the creation of tax structures, which on no account are used to facilitate tax evasion or violate regulations. Bankia does not operate in tax havens to avoid its tax obligations.

The Board of Directors must also give its approval for divestments in companies, the use of tax incentives and the hiring of external tax advisers.

Bankia maintains a transparent policy on tax management and the payment of its taxes and applies the tax regulations applicable in Spain, which is where it carries out all its activities. It also follows the guidelines issued by international bodies such as the Organisation for Economic Cooperation and Development (OECD).

It also performs an analysis of all transactions that entail special tax risk, based on, among other things, their impact on the bank’s reputation, on shareholders and customers and on its relationship with the tax authorities.

The bank is a member of the Large Businesses Forum, which promotes a more cooperative relationship between companies and the Spanish Tax Agency (AEAT), and is a signatory to AEAT’s Code of Best Tax Practices.

Data protection and ethics

For Bankia, its customers’ information and the security of that information is a vital asset. Protecting that information is therefore one of the bank’s top priorities in the face of the continual advances in technology.

The bank aims to ensure proper application of data protection principles and customers’ data protection rights, respecting their privacy, all this in the context of the responsible digitisation process outlined in the 2018-2020 Strategic Plan.

The purpose of data protection is to guarantee and protect the fundamental rights of natural persons with regard to their personal data, especially their personal reputation and their personal and family privacy. The relevant regulations are Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, better known as the GDPR, and the Spanish Organic Law 3/2018 of 5 December on the protection of personal data and safeguarding of digital rights.


Data security

Bankia is in the process of implementing the 2019-2021 Strategic Cyber Security Plan (PECI), which is focused on risk management and assurance of the effectiveness of the controls put in place.

Over the course of 2019, the cyber risk and assurance model was overhauled with a view to quantifying the risk to which the bank would be exposed in the event of a threat. At the same time, security became more deeply embedded in the software development cycle and the governance model for fraud prevention was transformed.

Also in 2019, the Business Impact Analyses (BIAs) underwent a comprehensive review aimed at identifying critical activiteis, recovery time requirements, and the means and resources for business continuity.

Challenges for 2020 include adaptive automation of cyber security controls based on cyber risk; optimisation and automation of reporting models; user behaviour analysis; agile adaptation to new cyber risks and threats; intelligent information security perimeter; optimisation of hardware and software security integration models; and optimisation of internal and thirdparty analysis of compliance with information security standards.


5.78 Mill.€

Human rights

In July 2019, Bankia’s Board of Directors approved a new policy on the Protection of and Respect for Human Rights. This policy defines the responsibilities the bank assumes in regard to respect for human rights in its dealings with professionals, customers, suppliers, business partners and society as a whole, with the implementation of prevention, reporting and sanction mechanisms.

It also sets out a commitment to human rights focused on assessing and understanding the social and economic environment, recognising and respecting the identity of individuals and their communities, establishing a system of proactive dialogue with stakeholders, and promoting an awareness of and compliance with this commitment.

In addition, the bank undertakes to perform due diligence to identify and assess potential impacts and include the assessment findings in internal processes in order to take steps to prevent and mitigate possible impacts, monitor and verify their effectiveness and communicate them externally.



Use the browsing suggestions to explore the Annual Report


Click to see related content


related news

Bankia signs the Principles for Responsible Banking of the United Nations together with 130 international banks

Read more

Bankia has allocated 100 million euros to social and environmental projects over the past six years

Read more

Bankia adheres to the principles of the EJE&CON Code of Good Practices

Read more

End of main content