Iniciativa RegTech España

Case studies

Modernising AML & KYC in Spanish Real Estate

How regulatory technology can replace email, WhatsApp and shared folders with secure, auditable AML and KYC workflows for Spanish real estate professionals.

Published 10 June 2026

Overview

Category: Real Estate Compliance Technology Featured RegTech: PropComply Industry: Real Estate Country: Spain

This case study explores how regulatory technology can help Spanish real estate agents, lawyers, developers and mortgage professionals modernise AML and KYC processes while reducing operational friction and GDPR exposure. It is intended as an educational, vendor-neutral analysis. PropComply is referenced as an example of a RegTech platform designed for the Spanish property sector.

The Challenge

Real estate professionals in Spain are obliged subjects under Law 10/2010 on the prevention of money laundering and terrorist financing. In practice, that translates into a long list of operational challenges:

  • AML compliance and risk-based onboarding
  • KYC document collection
  • Identity verification
  • PEP and sanctions screening
  • Source of Funds collection and assessment
  • GDPR and LOPDGDD compliance
  • Secure document sharing across parties
  • Cross-border transactions with non-resident buyers

Despite the regulatory weight of these obligations, many firms still rely on tools never designed for compliance work:

  • Email threads
  • WhatsApp messages
  • Shared drives and personal cloud folders
  • Manual document reviews
  • Spreadsheet-based tracking

The result is predictable: duplicate document requests, weak audit trails, slow onboarding, inconsistent risk assessments, GDPR concerns and an ever-growing operational workload on partners and compliance staff.

The Traditional Process

A typical manual onboarding journey looks like this:

  • The agent or lawyer requests a passport copy via WhatsApp or email.
  • The client sends a photo of the passport, sometimes more than once.
  • Proof of address is requested separately and arrives in another channel.
  • The professional manually checks PEP and sanctions lists, often using free or fragmented sources.
  • Source of Funds documentation is requested over several rounds of emails.
  • The information is forwarded to the conveyancing lawyer, frequently as attachments.
  • The notary or bank requests the same documents again.
  • Files are stored in mixed locations — inbox, desktop, shared folder, mobile gallery.

Common inefficiencies and risks include:

  • Multiple copies of identity documents in uncontrolled environments
  • No reliable record of when, how and by whom data was processed
  • Inconsistent risk classifications between transactions
  • High effort, low traceability
  • Significant GDPR and Law 10/2010 exposure in the event of supervision

The RegTech Solution

RegTech platforms designed for the Spanish real estate sector — PropComply being a representative example — aim to consolidate these scattered processes into a structured, auditable workflow. Typical capabilities include:

  • Digital onboarding portals for buyers, sellers and tenants
  • Structured KYC workflows aligned with Law 10/2010
  • Integrations with identity verification providers
  • PEP and sanctions screening with documented results
  • Risk-based onboarding logic
  • Secure document collection with encryption in transit and at rest
  • Secure KYC sharing between agents, lawyers and other obliged parties
  • Full audit trail of who requested, accessed and reviewed each document
  • Real estate-specific templates and Source of Funds workflows

The objective is not to digitise the old process one-to-one, but to redesign it around the obligations the firm actually has under AML and data protection law.

Potential Benefits

Organisations adopting this kind of platform can typically expect:

  • Faster onboarding for both domestic and international clients
  • Reduced administrative burden on partners and support staff
  • A more professional client experience
  • Stronger auditability for SEPBLAC inspections and internal reviews
  • More consistent application of risk-based compliance policies
  • Reduced dependency on email and consumer messaging applications
  • Improved document security and reduced GDPR exposure

Regulatory Relevance

Technology of this kind directly supports compliance with:

  • AML obligations under Law 10/2010 and Royal Decree 304/2014
  • GDPR and LOPDGDD obligations on lawful basis, security and retention
  • Record keeping requirements, including the ten-year retention period for KYC documentation
  • Risk-based compliance frameworks expected by SEPBLAC and EU AML guidance
  • The forthcoming EU AML package, including the role of AMLA and the AML Regulation

Lessons Learned

The case illustrates how regulatory technology can help organisations improve compliance outcomes while reducing operational friction. The objective is not simply to digitise existing processes, but to create more secure, auditable and scalable compliance workflows.

For Spanish real estate firms, the strategic question is no longer whether to modernise AML and KYC, but how to do it in a way that is defensible under both Law 10/2010 and GDPR — and that scales as transaction volumes, cross-border activity and regulatory expectations continue to grow.

Related Topics

  • AML & Financial Crime
  • Real Estate Compliance
  • Digital Identity
  • Privacy & GDPR
  • Secure Document Sharing

Related Regulations

  • Ley 10/2010
  • GDPR
  • LOPDGDD
  • eIDAS 2.0