Guidelines for Abiding by Mexico's FinTech Regulations
Mexico has taken a significant step in the digital finance landscape by establishing a clear set of requirements for the fintech industry. The country was the first in the region to introduce such regulations, setting a precedent for others to follow.
The cornerstone of Mexico's FinTech Law, introduced in March 2018, focuses on regulating virtual assets and cryptoasset-related activities with stringent compliance requirements for different types of entities.
Classification of Virtual Assets
Under Mexican law, virtual assets are considered intangible movable property, making them subject to legal acts and regulation.
Regulatory Framework
Financial institutions (banks and fintech companies) must obtain prior authorization from the Mexican Central Bank to operate with virtual assets. However, their activities are restricted to internal operations; they cannot offer virtual asset services to the public or transfer associated risks to clients.
Non-financial entities (individuals or entities not classified as banks or fintech firms) can provide services involving virtual assets without a license but are subject to strict Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) obligations. Transactions equal to or exceeding approximately USD $3,500 must be reported to the Ministry of Finance and Public Credit.
AML Obligations
The AML Law expands "vulnerable activities" to include exchanges of virtual assets involving Mexican nationals even if performed abroad. It demands enhanced risk assessments, annual training for staff involved in financial transactions, automated transaction monitoring, and audits depending on risk levels. Mandatory reporting of suspicious transactions to authorities within 24 hours, retention of documentation for 10 years (double the previous period), and refined definitions for beneficial ownership, lowering the threshold to 25% ownership are also part of the requirements.
Beneficial Owner Identification
Companies must register and update information on their beneficial owners (persons with effective control), compelled to file such notices with the Ministry of Economy and comply with related verification processes.
Additional Compliance
Both financial and non-financial entities must observe applicable data protection and tax reporting obligations related to virtual asset services.
These provisions position Mexico's FinTech regulatory framework as one emphasizing AML/CTF controls, transparency, and banking authority oversight, especially regarding virtual assets and crypto operations, to safeguard against illicit financial activities and protect investors.
Other Key Provisions
Licensed fintech entities must get a license from the National Banking and Securities Commission (CNBV). The FinTech Law allows for three types of fintech entities to be licensed: collective financing (crowdfunding) institutions, electronic money institutions (EMI), and innovation model (sandbox model) startups.
EMIs are required to classify clients based on their risk level. Cash deposit limits per client for EMIs are $3,290 per month, and cash withdrawals are capped at $490 per day per client. EMIs can delegate the execution of their services to domestic or foreign third-party providers.
Transfers of funds to or from deposit accounts opened with foreign FTIs are limited to $550 per month per client for accounts classified as low risk. The CNBV and the Bank of Mexico are authorized to monitor third-party service providers continuously hired by an EMI.
The main goal of these reforms is to transition from traditional payment methods to electronic and mobile ones. The fintech industry allows companies to easily reach clients from all over the world.
Mexico started working on financial inclusion strategy reforms in 2015. A licensed fintech company must disclose essential financial information to the public, including annual introductory consolidated financial statements, basic consolidated financial statements, annual reports of the sole administrator or CEO, a document specifying managers, and compensation details of the governing body. There is a maximum limit of 1,700 UDI for financial operations with foreign FTIs for low-risk clients; no limits for others. Transactions with foreign FTIs cannot take place if they come from high-risk countries or have deficiencies in combating terrorism and money laundering. Licensed fintech companies must get authorization from the CNBV for any financial operations with foreign FTIs.
- Mexico's regulatory framework for fintech businesses, particularly those dealing with virtual assets, emphasizes strict Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) controls, requiring reporting of transactions over a certain amount to the Ministry of Finance and Public Credit, implementing enhanced risk assessments, and mandatory staff training.
- In the realm of business and technology, licensed fintech companies in Mexico are tasked with transitioning from traditional payment methods to electronic and mobile ones, promoting financial inclusion, and adhering to stringent data protection and tax reporting obligations related to virtual asset services.
