How to Pass CNBV AML Audits in Mexico: A Complete Compliance Guide (2026)

Last year, almost $10 million in fines were issued to three Mexican financial institutions for anti-money laundering (AML) failings following audits by the country’s financial regulator, the CNBV (Comisión Nacional Bancaria y de Valores or, in English, National Banking and Securities Commission).

Banks CIBanco and Intercam, and brokerage firm Vector Casa de Bolsa were fined a combined total of 185 million pesos (US $9.8 million) for “non-compliance in administrative processes”. The CNBV audits found issues with the two banks’ money laundering prevention processes and Vector’s publishing of mandatory information.

The CNBV plays a critical role in overseeing AML in Mexico and was temporarily administering the firms following money laundering allegations by the US Financial Crimes Enforcement Network (FinCEN). While this is not a typical scenario for financial institutions in Mexico, it does highlight the importance of AML compliance in the country and the potential risks from a CNBV audit.

Let’s take a look at how these audits work and the steps financial institutions can take to ensure they pass.

What is a CNBV AML audit?

A CNBV AML audit is an inspection of the money laundering prevention activities of a financial institution operating in Mexico by the country’s financial regulator, the CNBV. 

It is responsible for supervising and regulating banks and other credit institutions, brokerage firms, investment funds, and a wide range of other financial entities and intermediaries that make up the country’s financial system in order to ensure stability, proper functioning, and protection of the public.

The regulator reviews an institution’s AML framework against Mexico’s AML regulatory requirements to identify any compliance failings. It can require a financial institution to improve its AML framework and may issue sanctions, such as fines, for serious failings.

CNBV AML regulatory framework in Mexico

The CNBV does not set Mexico’s AML regulatory framework, but issues AML compliance guidelines, carries out compliance audits, investigates suspected AML compliance breaches, and imposes sanctions for non-compliance.

Key regulations for AML in Mexico are:

• Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin (the “Anti-Money Laundering Law”. This sets AML obligations for financial institutions and other designated entities.
• Law to Regulate Financial Technology Institutions (the “FinTech Law”). This defines virtual assets (such as cryptocurrency) and regulates their use in the financial sector, including establishing AML obligations.
• Regulations for the Supervision of Transactions with Virtual Assets. These regulations include measures to mitigate money laundering risks from virtual asset transactions.

As and when new regulations are introduced, the CNBV updates its guidelines to account for any new requirements. 

Key components of a CNBV AML audit 

An AML compliance audit by the CNBV will involve a comprehensive review of an institution’s AML framework and how effectively this is being followed. The following AML audit checklist covers key areas the regulator will look at. 

✔️AML risk assessment

Assessing factors such as the risk assessment criteria you use for determining a firm’s money laundering risk for further mitigation, where possible.

✔️Internal controls

Investigating the suitability of the policies, procedures, and processes that underpin your AML framework, as well as how effectively they are being followed.

✔️Know Your Customer (KYC) and Customer Due Diligence (CDD)

Determining whether you have appropriate and effective KYC and CDD processes to verify customers’ identities and determine what level of risk they pose for financial crime.

✔️Transaction monitoring

Looking at whether these are suitable for identifying suspicious transactions, as well as issues such as how they are applied to customers based on their risk profiles.

✔️Suspicious Activity Reporting

Determining whether you are meeting your Suspicious Activity Reporting obligations, including whether reports are being made when required and if they contain all necessary information. 

✔️Record keeping

Examining your record-keeping practices and the records themselves to determine if they meet the regulatory requirements.

✔️Staff training

Assessing your AML training program to find out if it covers all requirements and whether it is being delivered effectively.

✔️Independent audits and reviews

Looking at your schedule of independent audits and reviews, as well as any previous compliance gaps that have been identified, and what action you took to remedy those gaps.

Common CNBV audit failures and how to avoid them in 2026

There are many AML program failures and compliance gaps that may be picked up by the CNBV. The table below highlights some of the most common issues and what can be done to avoid them.

How to prepare for a CNBV AML audit in Mexico

You may be facing an AML audit by the CNBV or want to know how to meet AML compliance guidelines more generally in case of a future audit. Whatever the situation, the following are key steps you can take to prepare.

Step 1: Building an effective AML compliance program

To prepare for a CNBV AML audit, a business must have an effective AML compliance program in place. This starts with a clear understanding of applicable regulatory requirements, followed by the implementation of appropriate AML policies, procedures, and technology to support a robust compliance framework. It is equally important to ensure that this AML compliance framework is properly followed across the organization, with regular training for all relevant staff. A strong AML compliance framework is also critical for combating fraud, meeting AML obligations, and protecting customers.

Suggested read: AML Compliance Program: The Essential Guide

Step 2: Ongoing monitoring

It is important to recognize that creating an AML framework is not a “one and done” activity. You should constantly assess the effectiveness of your framework and any incidents that occur, so you can make adjustments and continuously improve. 

Step 3: Documentation and record-keeping

Clear, accurate documentation for your AML framework helps demonstrate to auditors that you understand your compliance obligations. Comprehensive records can demonstrate that your framework is being used effectively and help avoid questions about gaps in your data.

Step 4: Independent audits

Regular independent audits can identify any compliance gaps before a CNBV audit. The CNBV will look for records of independent audits and will want to see evidence of the steps you have taken to fix any issues.  

Post-audit: Remediation and continuous improvement

AML compliance gaps identified in a CNBV audit must be remedied to avoid serious consequences, such as fines and restrictions on your operating license (or even its removal). 

AML compliance failings uncovered by an independent audit should also be addressed, as failure to do so will likely count against you if you are later audited by the CNBV.

Compliance gaps don’t always need to be fully fixed immediately, but you will at least need a realistic plan to achieve compliance within a sensible time frame.

Firms also need to demonstrate continuous improvement in their AML compliance by learning from past incidents, refining processes, and investing in new technology and training.

Staying AML compliant in Mexico in 2026

Technology is increasingly critical for AML compliance around the world, with advanced AML solutions helping to improve regulatory compliance while reducing costs. 

Sumsub’s AML compliance platform—combining identity verification (KYC/KYB), AML screening, ongoing monitoring, and case management—supports end-to-end compliance workflows required by Mexican regulators.

Sumsub’s AML compliance software is aligned with Mexico’s regulatory regime and is regularly updated to ensure adherence to the latest requirements.

Using the latest advances in AI technology, we can help you operate more effectively and efficiently, while also providing access to our human experts in Mexican AML regulations.

Stop money laundering with Sumsub

Contact us and our experts will show you how to stay fully compliant and spot money laundering

Learn more

FAQ

• What is an AML audit?

  An AML audit is an investigation of an institution’s anti-money laundering framework to determine whether it complies with the obligations imposed by a jurisdiction’s AML laws.

• How often does CNBV require AML audits?

  Annually. However, in certain cases, the number of audits could be extended. How often the CNBV audits an institution will depend on its risk profile, i.e., how likely the regulator thinks it is that money laundering activity could be taking place through a particular institution or sector. An audit may also be triggered by specific circumstances, e.g., allegations of money laundering.

• What is AML compliance in Mexico?

  AML compliance in Mexico refers to the obligation that regulated entities have to conform to the country’s anti-money laundering laws.

• Why is AML compliance important for Mexican banks?

  AML compliance is a regulatory requirement for Mexican banks, so meeting compliance obligations is important to protect against possible penalties for regulatory breaches. It also protects their customers and the integrity of the Mexican financial system.

• What does a CNBV AML audit checklist include?

  A CNBV AML audit will check whether an institution is meeting its regulatory obligations in areas including:

  • AML risk assessments
  • Internal controls  
  • KYC and CDD
  • Transaction monitoring
  • Suspicious Activity Reporting
  • Record keeping
  • Staff training
  • Independent audits and reviews

• How can I prepare my institution for a CNBV audit?

  To prepare for a CNBV audit, you need an effective AML compliance framework, training, a risk culture to support its operation, and accurate records that demonstrate you are meeting your obligations. Independent audits can identify any weaknesses to be rectified before the regulator’s audit.

• What are the penalties for failing a CNBV AML audit?

  Penalties for AML failings uncovered during a CNBV audit can include sanctions, such as fines, warnings, temporary suspension of operations, and restrictions to or revocation of operating licenses. Entities and individuals could also face civil and criminal penalties for serious AML failings.

• What is the difference between an AML audit and an AML risk assessment?

  An AML audit is a review of a regulated entity’s compliance with AML regulations. An AML risk assessment is a process that regulated entities must carry out to establish the risks related to ML.