Appendices 1 and 2 of Circular 5/12 of the Bank of Spain

Information of interest to customers

Rates for commissions, conditions and costs that may be passed on to customers


The booklet on rates, commissions, conditions and costs that can be passed on to customers is available to our customers on this website, as is an information booklet on the fees for securities transactions and standard contracts for securities transactions.


Customer Service Department


Claims for services and transactions carried out with Unicaja Banco, in accordance with the current regulations, may be sent on paper or by computer, electronic or telematic means, provided that they allow the documents to be read, printed and retained, to:

  • BANK OF SPAIN ENTITIES CONDUCT DEPARTMENT. (You must have previously complained to Unicaja's Customer Service Department).
  • NATIONAL SECURITIES MARKET COMMISSION. (Competent in questions of customer protection in the securities markets, for matters under its responsibility, and which requires having previously complained to Unicaja Banco's Customer Service Department).
  • DIRECTORATE GENERAL FOR INSURANCE AND PENSIONS. (Competent in questions of insurance and which requires having previously complained to Unicaja Banco's Customer Service Department).


Regulatory standards


The legislation that regulates the transparency of transactions and customer protection are contained in the following provisions:

  • Standard 8 of the Bank of Spain Circular 8/1990 of 7.09.90 (Official State Gazette - BOE 20.09.90).
  • Law 2/1994 on Subrogation and Modification of Mortgage Loans of 30.03.94 (BOE 04.04.94).
  • Order EHA 1665/2010 of 11.06.2010 (BOE 23.06.10) and Circular 7/2011 of the CNMV of 12.12.11 (BOE 24.12.2011) on the booklet of rates and content of standard contracts.
  • Order EHA 1608/2010, of 14th June 2010, on transparency of conditions and requisites of information applicable to payment services.
  • Law 16/2011 on Consumer Credit Agreements of 24.06.11 (BOE 25.06.11).
  • Order EHA/2899/2011, of 28 October, on the transparency and protection of banking services customers, and Circular 5/2012, of 27 June, of the Bank of Spain, on credit institutions and payment service providers, transparency of banking services and responsibility in the granting of loans.
  • Law 10/2014, of 26 June, on the regulation, supervision and solvency of credit institutions, implemented through Royal Decree 84/2015, of 13 February.
  • Royal Decree Act 19/2018, on 23rd November, on payment services and other urgent measures on financial matters.
  • Law 5/2019, of 15th March, that regulates real estate loan contracts (LCCI).
  • Royal Decree 309/2019, of 26th April, that partially develops Act 5/2019, of 15th March, that regulates real estate loan contracts and adopts other measures in financial matters.
  • Order ECE 1263/2019, of 26th December, on transparency of conditions and requisites of information applicable to payment services (modifica también la Orden ECO/734/2004, de 11 de marzo y la Orden EHA/2899/2011, de 28 de octubre).


Exchange rates on currency and banknote transactions


We offer our customers daily information about the minimum purchase and maximum sale exchange rates that apply to transactions for the purchase and sale of currencies and banknotes from countries not forming part of the EMU, against the euro, whose amount does not exceed €3,000.



Bank Account Movement


The payment account movement application form and the "Practical Informative Guide on Bank Account Movements", which contains clear and detailed information about said movements, are available to customers at any of our branches and on the Unicaja Banco website to guide them through the movement process.





Our loan customers are notified that the pre-contractual information sheet is available to them, free of charge.

Our customers are informed of their right to request a free binding offer for mortgage loans and consumer credits.


Our customers are also informed that the Bank of Spain has published the mortgage loan access guide and the informative booklet on the guide, whose creation was mandated by article 20 of Order EHA/2899/2011, of 28 October, on the transparency and protection of banking services customers.


Our clients are notified that Unicaja Banco has adhered to the Code of Good Practices for feasible restructuring of debts with mortgage guarantee on first homes, included in the Addendum to Royal Decree Act 6/2012, of 9th March, on urgent measures to protect mortgage debtors without resources, in the last version introduced by Act 5/2019, of 15th March, that regulates real estate loan agreements.


That Code of Good Practices considers successive application of the following measures:

 1.- Feasible restructuring of the mortgage debt. 2.- If the restructuring is not feasible, an acquittal on the capital pending repayment that the Bank may decide to grant or not; and 3.- Assignment of the property in lieu of payment with the possibility of a lease, if restructuring the debt is not feasible and the Bank requires acquittal.


Customers who want information about its content and/or the requirements that must be met to qualify for it, can go to their branch and ask for the document containing general information on urgent measures to protect mortgagors without resourses, or they can consult it directly in the following link general information on urgent measures to protect mortgagors without resources, and they can go to their branch for more information.

Information on PSD2

PSD (Payment Services Directive) is the acronym colloquially used for the European Payment Services regulations. The so-called PSD2 (Directive 2015/2366 on payments services in the internal market), is the second of the European directives that have come to substitute the first directive on this matter (PSD1) due to major sectors on the European payment market, in particular, card payments, Internet payments and mobile payments, still being broken up according to the national boarders. Many innovative payment products or services that have arisen in recent years were not fully or mostly covered by the scope of application of the PSD1.



PSD2 has been transposed to the Spanish juridical order through Royal Decree Act 19/2018 on payment services and other urgent measures in financial matters. The Royal Decree Act was enacted on 24th November 2018, except for the part on transparency and the rights and obligations that came into force on 24th February 2019, as well as the reinforced authentication security measures for clients and some open, common, secure communication standards, that shall come into force on 14th September 2019.



However, what exactly is PSD2?


It is a standard with the main objective of establishing a regulatory framework on the European payment services market, fundamentally in the digital environment, that has the following objectives:

  • To facilitate and improve security in use of payment services over the Internet.
  • To reinforce the level of user protection against potential fraud and abuse.
  • To promote innovation in payment services using mobile phones and the Internet.



How does this affect the clients?


By improving both the service offer as well as user security and protection:



1.   New services

In addition to the traditional payment services (deposits, withdrawals, standing orders, transfers, cards, PST and money transfers) there are two new services that require access to your payment accounts by a third-party provider of payment services with your prior consent. In that sense, we remind you that your identifying credentials must not be notified to third parties. These two new services are: 


  • Payment commencement service. This service may be used to initiate a payment directly from your account through a payment service provider (a Bank for example). What you must do is give your specific consent using the online resources made available to you.
  • Account information services. This service is known as bank account aggregation. With this service, you may allow third-party payment service providers to access information on accounts you hold. This service is exclusively online and, in order for Unicaja Banco to provide that information to a third party, you must previously provide your specific consent through that third party and you may also withdraw it through that party. You may also use Electronic Banking to see which third parties have your authorisation to access your account information.


PSD2 also regulates a fund confirmation service that allows a payment service provider issuing a card, with your prior consent, to consult your bank, your payment service provider account linked to the card, to see if there are available funds to honour the payment. That fund confirmation will consist of a “YES” or a “NO” regarding the sum consulted. Thus, the service may be applied to a debit card you have subscribed with a payment service provider (for example, Bank A) but which is domiciled in the account of another service provider (for example Bank B). Under no circumstance shall specific information be provided on the amount of your balance and it will only be possible if your account is accessible through Electronic Banking.


This possible third-party access to your accounts with your consent may be refused by the bank for objectively justified, duly documented reasons related to unauthorised or fraudulent access to the payment account by the third-party payment service provider. 



2.   Security and user protection.

  • In order to improve security, reinforced client authentication shall be required, with exceptions, in online access to accounts based on use of two or more classified identifying elements that are independent — that is, that breach of one does not compromise the reliability of the others—, and conceived  so as to protect the confidentiality of the authentication data.
  • On the other hand, the maximum losses a consumer or micro-company must bear in the case of an unauthorised payment operation taking place due to use of a mislaid, stolen or third-party misappropriated payment instrument, is reduced from 150 to 50 euros. 
  • The response time for complaints regarding payment services is reduced to 15 days and, in exceptional situations, up to a maximum of one month.
  • The protection foreseen for micro-company consumers is extended with regard to transparency of the conditions and information requisites applicable to the payment services, resolution and amendment of the framework contract and the rights and obligations in relation to provision and use of payment services. Notwithstanding this, an exception is made for micro-companies regarding application of the right to order reimbursement of standing order debits due to an authorised payment order initiated by a beneficiary or through it, for a term of eight weeks as of the date of the funds being debited to the account.
  • The regulations provide a non-renounceable right for the consumer or micro-company regarding termination of the contract at any time and without the need for any advance notice whatsoever, with effect once 24 hours have elapsed from receiving the application, except if there are related services in force. Termination shall be free of charge unless the contract has been in force for less than six months, in which case the bank may charge a commission for such termination. 



3.   Stricter security requisites in electronic payments (strong customer authentication)

PSD2 has made secure electronic payments one of its key axes. The regulation specifies obligatory application of specific security measures and procedures in electronic payment operations, especially remote ones. These measures and procedures are articulated around the concept of Strong Customer Authentication, with the English acronym "SCA".


With regard to security in payment operations, PSD2 concentrates especially on transactions of a remote nature made over the Internet. That emphasis is a direct consequence of the notable increase that such transactions, especially those performed by mobile devices, have undergone in recent years, driven by the surge in electronic commerce. 


The requisite to perform strong customer authentication when commencing an electronic payment transaction consists of the obligation for payment service providers (PSPs) that issue payment instruments to authenticate the identity of the person ordering, based on use of two independent security elements (authentication factors) every time a payment is made in a physical or electronic store.


Strong customer authentication is based on combined use of two of the following types of authentication factors: 

  • Something only the payer knows (KNOWLEDGE); a password for example.
  • Something only the payer has (POSSESSION); for example, a card, a mobile telephone.
  • Something the payer is (INHERENCT); for example, a biometric feature such as a fingerprint, the iris.


Thus, the PSP issuing the payment instrument may be sure that the payer is the person they say they are.


Notwithstanding the foregoing, there are a series of exemptions and legal exceptions that allow one not to have to always ask for the two authentication factors, which benefits the user’s experience without the payment thus ceasing to be secure. 


Moreover, the SCA requisite only applies when both the payer’s PSP and the store’s PSP are in the European Economic Area (EEA), so payments with cards issued outside the EEA are not subject to SCA.


On the other hand, a series of situations are foreseen in which the PSPs issuing payments are allowed not to apply SCA, due to these being considered lower risk. These situations are:

  • Personal payment by contactless card of amounts under € 20, up to a maximum of 5 operations or an accumulated amount of € 150.
  • Payments on Internet for an amount under € 30, up to a maximum of 5 operations, or an accumulated amount of € 100.
  • Recurring payments from the same account and to the same store.
  • Payments at unattended terminals on motorways, toll booths and parking lots.
  • Payments to receivers trusted by the holder, that the issuer is specifically instructed are such.
  • Some corporate payments.
  • Payments with low fraud risk.


The new SCA requisites linked to cases of exemptions and exceptions to your application involve a change in the way users of payment services are going to shop.


Notwithstanding the foregoing, one must point out that although strong customer authentication will come into force on 14th September 2019, there is a moratorium to apply SCA in Internet payments, so for the moment, users of payment services will not note changes in such transactions. 


MORE INFORMATION: The Frequent Questions of our web clarify situations that may arise due to this new regulation.



  • You must take reasonable measures in custody and use of your security credentials and cards. We recommend you to consult the security measures we advise you for your cards and the Unicaja Banco Electronic Banking.
  • At the moment of providing a third party authorisation to consult your accounts, we advise you to carefully read all the terms and conditions of the service, as well as to be aware that by allowing access to your movements, you will be leaving the responsibility for use of your data in the hands of that third party.


Consumer rights to make payments in the European Union.

WHAT IS PSD2? Information for payment service providers (TPPs)

PSD2 (Payment Services Directive), Directive 2015/2366 on payment services in the internal market, a European directive that has the main aim of facilitating payments throughout Europe with greater security and promoting innovation of payment services over the Internet. This Directive has been transposed into the Spanish juridical order in Royal Decree Act 19/2018 on payment services and other urgent measures on financial matters.


These new regulations involve fundamental changes in the industry by allowing third party payment service providers access to Bank infrastructure, in this case, referred as account manager payment services, that is, the payment service provider that facilitates one or various payment accounts to an orderer and takes charge of their maintenance.


They seek, among other matters, to level the playing ground between countries and between payment service providers, thus reinforcing the position of the consumer, who benefits from greater competition. They also aim to standardise new methods of payment, such as those performed online or by mobile telephone, and for account managing payment service providers to open their payment services to third party companies, those called TPPs (Third Party Payment Service Providers). To sum up, third parties, TPPs, are provided access to the client payment accounts at a bank and the payments are initiated on their behalf, with prior authorisation by the account holder.


With PSD2, the payment service user may simply authorise the TPP to execute payments on its behalf through a bank account. That is, the TPP and the bank shall now communicate directly using an API (Application Program Interface).


The companies or professional developers (TPPs) who fulfil the requisites of registration, authorisation and supervision by the competent authorities of each State, may use the APIs, consult their technical specifications and easily test them in a test environment called sandbox.


We provide you below the statistics on the availability and performance of PSD2 APIs in recent months:


Doubts or incidents that arise, both in the configuration process as well as within the scope of production, shall be resolved in the opening hours, 24 hours a day, 365 days a year, with the following Redsys contact data:

For claims, complaints or incidents that cannot be resolved using the above contact data, there is a client care service at Unicaja Banco, from Monday to Saturday, continuously from 8:00 h. to 22:00 h. on telephones +34 952 076 263


The service provided by Unicaja Banco on the APIs infrastructure provides high availability, but in the hypothetical case of the service being interrupted, the contingency plan includes deactivation of the access SCA every 90 days to allow web scrapping without validating the eiDAS certificate.



Platform for out-of-court dispute resolution between consumers and traders

General information on measures to strengthen the protection of mortgagors

Information on the Floor Clause

Information on Royal Decree-Law 1/2017, of 20 January, on urgent consumer protection measures in the issue of floor clauses (Official State Gazette - BOE - of 21 January, with entry into force on the same date; recognised by the Resolution of the Congress of Deputies of 31 January 2017 - BOE of 7 February 2017).


The purpose of this Royal Decree-Law is the establishment of measures that facilitate the return, when appropriate, of amounts unduly paid by the individual consumer to credit institutions in application of certain floor clauses contained in loan or credit agreements guaranteed with a property mortgage.


The customers of the Bank with the relevant profile will be able to benefit from this Royal Decree-Law.


Specialised service responsible for settling claims related to the floor clause. 


The Bank has created the following specialised service to process the claims received that are within the scope of Royal Decree-Law 1/2017:

  • Name: "Specialised Service 'Floor clause' (RDL 1/2017)".
  • Postal address: Avenida de Andalucía, 10-12, 29007 Málaga.
  • E-mail address:
  • Date of entry into operation: 21 February 2017.


Filing of claims


The claims, duly signed, will be filed at the branch where the claimant is a customer, or, failing that, at any of the bank's branches that are open to the public.


The bank makes available to its customers, on its website and at branches open to the public, an application form.


The claims must contain at least the following information and documentation:


Personal details of the customer (and of the representative, if applicable): first name, surname(s), Tax ID number (NIF) and address. The representation of the customer, conferred on a third party, must be duly certified.


Identification of the loan subject to the claim (bank account number (CCC), available in any of the receipts for the mortgage loan/credit leading to the claim), and specification of the matters on which a decision from the Specialised Service is requested.


Once the claim has been received, its reception will be acknowledged for the purposes of calculating the deadlines stipulated in Royal Decree-Law 1/2017.


The customer's submission of certain documents together with the application, such as the binding offer, FIPER, loan or credit deed, subrogation or novation deed, private agreements on the modification of conditions, etc., is voluntary, but could speed up the analysis of the claim.




The bank, through the Specialised Service, will be obliged to process and manage the claims made by customers within the scope of the Royal Decree-Law. The maximum term for the customer and the Bank to reach an agreement will be three months, counted from when the claim was filed. If the claim was filed before 21 February 2017, the three-month period will begin from this date.


In the event that the bank considers the refund to be inappropriate, it will inform the customer of the reasons for its decision.


Once the claim has been received, the bank will calculate, where applicable, the amount to be refunded, and will provide the customer, through its branch, with a notification detailing this calculation.


The customer must state whether they agree with the calculation. If they do, the customer and the bank may agree on compensatory measures other than a cash refund, after 15 days have passed since the date of reception of the decision on their claim.


Other information


The customer and the bank may not take any judicial or out-of-court action against each other with regard to the matter of the claim during the time it is being processed. If a lawsuit is filed prior to the end of the procedure and with the same purpose as the claim, when notified, the process will be suspended until the previous claim is settled.


In the legal proceedings in progress on the entry into force of Royal Decree-Law 1/2017, in which a claim included in its scope is being addressed, launched by one or more customers against the bank, the parties may mutually agree to submit to this procedure, requesting the suspension of the process.


The agreed refunds may have an effect on tax and will be reported to the Tax Agency.


References to the regulation on transparency and the protection of financial services customers


Regulations for consumer protection and general contracting conditions.

  • Royal Legislative Decree 1/2007, of 16 November, approving the revised text of the General Law on Consumer and User Protection and other supplementing laws.
  • Law 7/1998, of 13 April, on general contracting conditions.

Protection of the user of banking services

  • Royal Decree-Law 1/2017, of 20 January, on urgent consumer protection measures in the issue of floor clauses.
  • Order ECC/2502/2012, of 16 November, regulating the procedure for presenting claims to the complaints services of the Bank of Spain, the National Securities Market Commission and the General Directorate of Insurance and Pensions.
  • Law 44/2002, of 22 November, on Measures to Reform the Financial System.

Banking transparency regulations

  • Law 1/2013, of 14 May, on measures to strengthen the protection of mortgagors, debt restructuring and social rents.
  • Circular 5/2012, of 27 June, of the Bank of Spain, to credit institutions and payment entities, on banking service transparency and responsibility in granting loans.
  • Order EHA/2899/2011 of 28 October, on banking service transparency and customer protection.
  • Order of 5 May 1994 on the transparency of the financial conditions of mortgage loans (repealed provision, which may be applicable according to the signing date of the loan/credit transaction).
  • Law 2/1994, of 30 March, on the subrogation and modification of mortgage loans.
  • Circular number 8/1990, of 7 September, to Credit Institutions, on the transparency of transactions and customer protection (repealed provision, which may be applicable according to the signing date of the loan/credit transaction).
  • Order ECO/734/2004, of 11 march, sobre los departamentos y servicios de atención al cliente y el defensor del cliente de las entidades financieras. 
  • Royal Decree 536/2017, of 26 may, por el que se crea y regula la Comisión de seguimiento, control y evaluación prevista on Royal Decree-Law 1/2017.

Informative poster about the IDEP

If you wish to arrange a mortgage loan on a property, you have the right to receive a mandatory documentation index (known as an "IDEP"), which lists all documents that must be supplied before it can be formalised.


Law 3/2016, of 9 June, for the protection of the rights of consumers and users when taking out mortgage loans and credits on a property (Official Bulletin of the Andalusian Autonomous Government - BOJA of 16 June 2016).

Loan without mortgage security subject to Act 5/2019

Pursuant to the provisions set forth in Act 5/2019 of 15 March governing real estate credit agreements and Order EHA/2899/2011 of 28 October on transparency and financial services customer protection, Unicaja Banco places at your disposal:


- The Pre-Contractual Information Sheet (Spanish initials, FIPRE), which is aimed at giving clear and sufficient information for guidance purposes about the loans without mortgage security offered by the Institution that are subject to Act 5/2019:


- The General Terms and Conditions Unicaja Banco uses in agreements included under the scope of said Act 5/2019 for loans without mortgage security:

General terms and conditions for taking out real estate loans subject to Act 5/2019

Prize draw rules and promotions