Fernando Ramos: "Our job is to build guardrails that stop bad actors without slamming the brakes on innovation"
Fernando Ramos is Partner and Chief Legal Officer at Bit2Me, Spain’s leading crypto-asset platform, and founder of Data Bitlaw & Compliance, a boutique firm specializing in digital-asset regulation, data protection, and AML. A onetime tech-savvy attorney within Garrigues and Lener, Fernando now guides exchanges, token issuers, and financial institutions through Europe’s fast-moving MiCA and AML landscape, drawing on a decade-long head start that began when he wrote one of the first voluntary crypto KYC manuals back in 2015.
“The law is always sprinting to catch up with code,” he says. “Our job is to build guardrails that stop bad actors without slamming the brakes on innovation.” For Fernando, bridging that gap demands a rare mix of deep-tech fluency and regulatory rigor—skills he believes will be non-negotiable for the next generation of compliance professionals navigating an economy increasingly powered by blockchain.
Question: Fernando, you started your career as a traditional attorney and now you’re a leading figure in blockchain and cryptocurrencies. What has your professional journey been like to get here?
Answer: I was actually headed for engineering, but my dad insisted I keep up the family tradition of law. I enrolled in Law at Carlos III just as the program was starting. From day one I was drawn to the tech side of the law, so I quickly leaned in that direction. I joined one of the first tech-focused firms, Anguiano y Asociados, which was later absorbed by Garrigues, and then I led the new-technologies department at Lener. Eventually I struck out on my own with DPO & IT Law, now called Data Bitlaw & Compliance. Since 2014 we’ve been advising on Digital Law and compliance—especially asset digitalization or financial instruments on DLT, MiCA licenses or authorizations, blockchain legal advice, data protection, and anti-money-laundering (AML) compliance. When the crypto boom hit in 2015, we jumped right in, thanks in large part to our earlier work on hash algorithms for electronic signatures, which gave us a head start on understanding blockchain tech. From there we began working with Bit2Me, where I’m now a partner and Chief Legal Officer, while still running our firm focused on Digital Assets, Blockchain, and MiCA regulation.
Q: You mention you started in blockchain back in 2015, when regulation barely existed. How has AML and KYC regulation in crypto evolved since then?
A: When we started, there was no clear framework, but even in 2015 we voluntarily drafted AML and KYC manuals for Bit2Me. It was really tough at first—banks would shut down accounts just for mentioning Bitcoin, and even SEPBLAC wouldn’t accept our reports, citing data-protection issues. Little by little, especially after the U.S. regulations in 2012, Europe followed suit, and Spain finally adapted Law 10/2010, recognizing crypto providers as obliged entities. Today SEPBLAC’s knowledge has grown enormously, though its recommendations for non-face-to-face video identification can be technically tricky to implement.
Q: From your perspective, how do you rate Spain’s regulatory progress compared with the rest of Europe?
A: Spain has moved forward a lot, especially by adapting laws that let blockchain be used for financial instruments and by temporarily allowing crypto services through registration with the Bank of Spain until MiCA was approved. Still, I’d say we’re a bit behind countries like Germany, the Netherlands, or Austria, which have been much quicker to issue MiCA licenses or allow digitalization of financial instruments. The CNMV is doing great work on fintech, but it still struggles to speed up license processing.
Q: What do you see as the biggest challenges for crypto companies trying to comply with KYC/AML without hurting user experience?
A: It’s tough, especially with no physical presence. We rely heavily on third-party providers specialized in remote digital ID to meet SEPBLAC’s guidelines. The good news is they keep publishing guides and reports on complying with AML law, so we know the rules of the game. There’s still ground to cover, though: after the March 2023 Securities Market Law, there’s debate over whether token-issuing companies should be AML-obliged entities. All signs say yes, but Law 10/2010 isn’t ready for that type of entity, so we’re waiting for clarification from SEPBLAC—or for the sector to self-regulate. Everything’s still in its infancy, and once again technology is ahead of the law. Robust, practical tech solutions that prevent fraud without over-complicating UX are key.
Q: Which technological innovations do you find most promising for improving KYC and ID verification in the short term?
A: I think we’re heading toward solutions that combine blockchain with biometrics to enable self-sovereign identity. Users could share only the personal data they choose, instead of repeating complex processes with every provider. We still have major hurdles around data protection and the right to be forgotten—especially on public blockchains. It’s tricky but essential for future compliance. The European Data Protection Board just published recommendations on DLT usage—like permissioned blockchains that identify the controller and processor, or storing personal data on-chain via links that let the controller partly guarantee erasure rights. So, compliance for using these technologies is slowly coming into focus.
Q: You mentioned self-sovereign identity. How do you think it could transform compliance and data protection?
A: Self-sovereign identity would be a huge leap forward. People would fully control who accesses their personal data, cutting out intermediaries. The challenge is practical implementation: everything on blockchain is immutable, which raises GDPR concerns. We need tech mechanisms that can safely unlink or anonymize data once it’s no longer needed, and that’s exactly the path we’ve recommended at Data Bitlaw—and it seems to be the one Europe’s regulators are choosing.
Q: What key regulatory differences do you see among countries regarding blockchain and crypto?
A: The U.S. is always ahead, with fast, pragmatic regulation. In Europe, the Netherlands, Germany, and Austria are also quick movers, letting their companies get a head start. Spain is progressing but more slowly, and I think the main issue is internal: there’s a lack of institutional support for local companies versus foreign ones. For example, Bitpanda has already secured several MiCA licenses around Europe—something that still seems harder here, which hampers Spanish competitiveness.
Q: Which regulatory trends do you think will shape the near future of blockchain and cryptocurrencies?
A: I expect big strides toward DeFi and self-custody. We’re heading back to a model where users fully control their assets and financial operations. That’s a radical shift from traditional banking, but it raises massive regulatory challenges around KYC, AML, and taxation. We need regulations that facilitate these processes, not block them.
Q: What’s your take on the growing tokenization of real estate?
A: I think it’s an excellent opportunity. Tokenization drastically lowers minimum investment tickets, opening real-estate investing to more people and creating a very liquid secondary market. It also offers attractive returns, though it carries risks like any participatory investment. It’s a very promising space that’s already working well in Spain.
Q: What advice would you give entrepreneurs launching blockchain projects who are navigating this complex regulatory landscape for the first time?
A: Lean on companies that are already authorized and licensed, especially if you don’t yet have the resources to cover MiCA license costs. Get solid legal advice from day one to understand which services you can offer without complex licenses and which will require hefty regulatory investment. The key is grasping the rules early so you don’t make costly mistakes later. The legal landscape is clearing up, and services that once seemed impossible are now doable with full legal security.