Account Debit Authorization Spain (Autorización de Cargo en Cuenta)

An Account Debit Authorization Spain (Autorización de Cargo en Cuenta or Mandato de Adeudo Directo SEPA) governed by Reglamento (UE) 260/2012 and Real Decreto-Ley 19/2018 de servicios de pago is a written instruction from a debtor (deudor) to their payment service provider (entidad de pago — typically a bank) authorising a specified creditor (acreedor) to initiate direct debit transactions (adeudos directos) from the debtor's designated bank account. The Reglamento (UE) 260/2012 del Parlamento Europeo y del Consejo, de 14 de marzo de 2012 (Reglamento SEPA), established the technical standards and legal framework for the Single Euro Payments Area (Zona Única de Pagos en Euros — SEPA) across all European Union member states, including Spain. The Real Decreto-Ley 19/2018, de 23 de noviembre, de servicios de pago y otras medidas urgentes en materia financiera, transposed the European Payment Services Directive 2 (PSD2 — Directiva (UE) 2015/2366) into Spanish law, setting binding obligations on payment service providers and creditors initiating direct debits in Spain.

The SEPA direct debit mandate (mandato SEPA de adeudo directo) operates under two principal scheme rulebooks maintained by the European Payments Council (EPC): the SEPA Core Direct Debit (SDD Core) for consumer and business transactions, and the SEPA Business-to-Business Direct Debit (SDD B2B) for purely commercial transactions between businesses. In Spain, the Banco de España — as the national central bank and competent authority under Real Decreto-Ley 19/2018 — oversees compliance with SEPA payment standards and supervises payment institutions (entidades de pago) authorised to operate in Spanish territory. The Ley Orgánica 3/2018 (LOPDGDD) and RGPD govern data protection obligations arising from the processing of personal and financial data in SEPA mandates.

The SEPA mandate framework replaced Spain's previous domestic direct debit system (the Cuaderno 19 format of the Asociación Española de Banca — AEB) from 1 February 2014, when the SEPA migration deadline mandated by Regulation (EU) 260/2012 took effect. Spanish banks migrated all existing direct debit mandates (domiciliaciones bancarias) to the SEPA format, assigning a unique Mandate Reference Number (referencia única del mandato — RUM) to each authorisation. The Spanish SEPA clearing and settlement infrastructure is operated by IBERPAY (Sociedad Española de Sistemas de Pago), which connects Spanish banks to the pan-European EPC clearing network and settles SEPA transactions through the TARGET2 payment system of the European Central Bank.

The Autorización de Cargo en Cuenta under Spanish SEPA rules contains several mandatory fields defined by the EPC SDD Scheme rulebook and the Reglamento SEPA Article 5: the creditor's SEPA Creditor Identifier (Identificador del Acreedor SEPA — IAS), the debtor's International Bank Account Number (IBAN) and, where applicable, Bank Identifier Code (BIC — though BIC is no longer mandatory for intra-EU SEPA transactions under Regulation (EU) 260/2012 Article 5(7)), the RUM, the type of payment (recurrente — recurring or puntual — one-off), and the signature and date of the debtor's authorization. The Banco de España maintains the Spanish IAS registry and assigns credential identifiers to authorised creditors through their banking intermediaries.

Under Article 77 of Real Decreto-Ley 19/2018, the debtor has the right to request a refund of any SEPA Core direct debit payment within 8 weeks of the debit date, without needing to provide a reason — a consumer protection right that does not apply to the SEPA B2B scheme, where the debtor waives the refund right in the mandate. The creditor's bank (banco del acreedor) must submit the direct debit collection to the payment system at least 5 banking days (días hábiles bancarios) before the due date for Core mandates and 2 banking days for B2B mandates, under the EPC timing rules incorporated into Spanish banking practice by the Banco de España.

The Comisión Nacional del Mercado de Valores (CNMV) plays no direct supervisory role over SEPA mandates, but its oversight under Ley 6/2023 extends to investment firms using direct debit mandates to collect client fees. The Agencia Española de Protección de Datos (AEPD) supervises GDPR compliance in the processing of personal data embedded in SEPA mandate forms, and has issued guidance on the lawful bases for processing IBAN and personal data in payment service contexts. The Secretaría General del Tesoro y Financiación Internacional coordinates Spain's participation in EU payment policy through the Ministerio de Economía, Comercio y Empresa, monitoring developments in the EU Payment Services Regulation (PSR) that will supersede PSD2 from 2026.

An Account Debit Authorization Spain is needed whenever a creditor wishes to collect recurring or one-off payments directly from a debtor's bank account through the SEPA direct debit system, rather than relying on the debtor to initiate each payment.

The authorization is needed for utility service contracts — electricity (electricidad), gas, water (agua), and telecommunications (telecomunicaciones) — where the supplier (suministrador) collects monthly bills by direct debit. In Spain, the Comisión Nacional de Mercados y la Competencia (CNMC) requires regulated utilities to accept domiciliación bancaria (direct debit) as a payment method and to provide customers with copies of their SEPA mandates upon request. Utilities supervised by the CNMC under Ley 24/2013 del Sector Eléctrico and Ley 34/1998 del Sector de Hidrocarburos must process SEPA mandates through IBERPAY-connected banking channels.

A Debit Authorization is needed for insurance premium collection (cobro de primas de seguro) by insurance companies (compañías de seguros) operating in Spain under the Ley de Contrato de Seguro (Ley 50/1980) and supervised by the Dirección General de Seguros y Fondos de Pensiones (DGSFP). Annual or monthly premium payments are typically collected by SEPA direct debit under a standing mandate. The DGSFP requires insurers to maintain records of all SEPA mandates for at least 4 years in accordance with Ley General Tributaria (Ley 58/2003) document retention obligations.

The authorization is required for gym memberships, subscription services, digital platforms, and professional association fees — any recurring commercial relationship where the creditor needs a SEPA mandate to initiate monthly collection. The creditor must notify the debtor of each charge amount and date at least 14 calendar days before the collection date under the EPC SDD Core rulebook, unless a shorter period is agreed. The Ley 3/2014 de Defensa de los Consumidores y Usuarios and Real Decreto Legislativo 1/2007 impose additional transparency obligations on creditors using automatic payment collection with consumers.

A Debit Authorization is needed when a company sets up automatic salary advance repayments (anticipos de nómina) or internal loan repayments through payroll deductions — where the employer (as creditor) collects directly from the employee's designated bank account rather than deducting from the nómina, to maintain separation between payroll and credit records. The Estatuto de los Trabajadores (RDL 2/2015) Article 26 limits the circumstances in which employers may make deductions from salary — a separate SEPA mandate avoids ambiguity about the nature of the collection.

The authorization is needed in real estate management when a property administrator (administrador de fincas) collects monthly community fees (cuotas de comunidad de propietarios) from the owners of a horizontal property community (comunidad de propietarios) governed by the Ley de Propiedad Horizontal (Ley 49/1960). Centralised SEPA direct debit collection replaces individual owner bank transfers and reduces the administrative burden on the administrador de fincas, who must account for collections to the junta de propietarios under Article 20 of the Ley de Propiedad Horizontal.

SEPA mandates are also needed when a franchisor (franquiciador) registered in the Registro de Franquiciadores (Ministerio de Industria) collects royalties and marketing fund contributions from franchisees (franquiciados) under the franchise agreement regulated by Real Decreto 201/2010. A standing SEPA mandate for recurring royalty payments avoids delays in collection and provides the franchisor with reliable cash flow management, with the option to use SDD B2B where all parties are commercial entities to benefit from same-day settlement and no refund right.

A valid Account Debit Authorization Spain under the Reglamento SEPA (UE 260/2012) and Real Decreto-Ley 19/2018 must contain the following mandatory elements specified by the EPC SDD Scheme rulebook and Spanish payment law.

Creditor Identification: Full name and address of the creditor (acreedor) and, critically, the creditor's unique SEPA Creditor Identifier (Identificador del Acreedor SEPA — IAS) assigned by the Banco de España. Spanish creditor identifiers follow the format: ES + 2 check digits + 3-character creditor business code + national creditor identifier. The IAS is mandatory for all SEPA direct debit initiations — without it, the creditor's bank cannot process the collection through IBERPAY.

Mandate Reference Number (RUM): A unique Mandate Reference Number (referencia única del mandato — RUM) assigned by the creditor for each individual debtor mandate. The RUM, combined with the IAS, uniquely identifies each SEPA mandate in the EPC payment infrastructure and is required on each direct debit instruction submitted to the banking system. The creditor must store the original signed mandate and its RUM for the duration of the mandate and for at least 14 months after the last collection under that mandate, in accordance with EPC SDD rulebook data retention requirements.

Debtor Bank Account Details: The debtor's full IBAN (International Bank Account Number — Número Internacional de Cuenta Bancaria) of the account to be debited. Spanish IBANs have 24 characters: ES + 2 check digits + 4-digit bank code (código banco) + 4-digit branch code (código sucursal) + 2-digit control digit + 10-digit account number. BIC is no longer mandatory for intra-EU SEPA transactions under Reglamento SEPA Article 5(7), though it remains useful for cross-border collections involving non-EU payment service providers.

Debtor Identification: Full name and address of the debtor (deudor) — the account holder authorising the debit. If the debtor is a business, the company name and NIF must be included. The debtor's identification must match the account holder name as registered with their bank to avoid payment rejection (rechazo or devolución) by the debtor's bank.

Type of Payment Scheme: A clear designation of whether the mandate is under the SEPA Core Direct Debit (SDD Core — for consumers and businesses, with 8-week refund right under Article 77 RDL 19/2018) or the SEPA Business-to-Business Direct Debit (SDD B2B — for business-to-business transactions only, with no refund right after pre-notification). The SDD B2B scheme requires the debtor's bank to verify the mandate against the debtor's records before processing the first collection.

Payment Frequency: A statement of whether the mandate authorises recurring payments (recurrentes — ongoing periodic debits) or a single one-off payment (puntual — a one-time debit). Recurring mandates remain valid until cancelled by the debtor or creditor; one-off mandates are automatically cancelled after the first successful collection. A recurring mandate not used for 36 consecutive months expires automatically under EPC SDD Core rulebook Section 4.1.

Pre-notification: A statement of the creditor's obligation to notify the debtor at least 14 calendar days before each collection of the amount and collection date, unless a shorter period (minimum 1 banking day) has been agreed between the parties — as permitted under the EPC SDD Core rulebook Section 2.4.1. Many Spanish utility companies and subscription providers send pre-notification with the monthly invoice or statement, satisfying both the billing and SEPA pre-notification obligations in a single communication.

Debtor's Refund Rights: For SDD Core mandates, a clear statement of the debtor's right to request a refund of any payment within 8 weeks of the debit date under Article 77 of Real Decreto-Ley 19/2018. For SDD B2B mandates, confirmation that the debtor has agreed to waive the refund right, consistent with the EPC SDD B2B rulebook. The debtor's bank must process refund requests within 10 business days under Article 77 RDL 19/2018.

Signature and Date: The debtor's handwritten signature (firma manuscrita) and the date and place of signature. Electronic signatures complying with Reglamento (UE) 910/2014 (eIDAS) are accepted for digital SEPA mandates — qualified electronic signatures (QES) and advanced electronic signatures (AES) issued by trust service providers authorised by the Ministerio de Asuntos Económicos are recognised by all Spanish banks.

Data Protection Clause: A GDPR-compliant clause informing the debtor of the processing of their personal and banking data — IBAN, name, address, payment history — under Reglamento (UE) 2016/679 (RGPD) and Ley Orgánica 3/2018 (LOPDGDD), with the Agencia Española de Protección de Datos (AEPD) as the supervisory authority. The creditor acts as responsable del tratamiento and must provide the privacy notice required by RGPD Article 13 at the time of mandate collection.

Forms-legal.com provides this Account Debit Authorization Spain template as a compliant starting point — always verify SEPA mandate requirements with your bank and with the Banco de España guidelines before implementation. The Banco de España maintains the Spanish IAS registry and publishes updated SEPA compliance guidance on its website. IBERPAY (Sociedad Española de Sistemas de Pago) operates the Spanish SEPA interbank clearing infrastructure and publishes technical specifications for SDD Core and B2B mandates applicable to Spanish payment service providers.

Under the Ley Cambiaria y del Cheque (Ley 19/1985), promissory notes and bills of exchange are governed in Spain. The Banco de España supervises banking under Ley 10/2014. The Comisión Nacional del Mercado de Valores (CNMV) regulates securities markets. The AEAT administers IVA (Ley 37/1992) and IRPF (Ley 35/2006). The Ley 3/2004 governs late payment in commercial transactions with statutory interest.