Jan 13, 2022
5 min read

How to Comply with Mexico’s FinTech Law

Mexico is the first country in Latin America to implement a FinTech regulation act. This article covers which institutions fall under the law and what they need to do to comply

Being one of the largest fintech markets in the region, Mexico has been working on reforms regarding the financial inclusion strategy since 2015. The main goal of these initiatives is to transition from traditional payment methods to electronic and mobile ones. Accordingly, Mexico has become the first country in the region to create a clear set of requirements for the fintech industry, setting the tone for the rest of Latin America.

In March 2018, the Government of Mexico took an additional step by introducing the Law to Regulate Financial Technology Institutions (also known as the “FinTech Law”), which focuses on promoting innovation and integrating new technologies with existing banking and financial services. The law generated a positive reaction from investors and fintech companies with established business models.

What is FinTech?

Financial technology (FinTech) includes a wide range of services and applications that help financial technology institutions (FTIs) provide automated services. From banks to startups, FinTech has been integrated into every financial sphere. Some of the most prominent examples of the fintech industry are:

  • Blockchain and cryptocurrencies
  • Mobile payments
  • Crowdfunding platforms
  • Trading
  • Insurance

With the spread of fintech in each field, small startups now have the opportunity to compete with traditional companies by introducing new approaches to financial operations. At the same time,traditional companies can implement fintech features to simplify lengthy documentation processes for clients.

The fintech industry allows companies to easily reach clients from all over the world, breaking geographical barriers and creating uncertainties for regulators. Fraudsters can easily use the industry for illegal purposes, such as money laundering. Therefore, countries like Mexico are introducing regulations to prevent illegal activities through FinTech.

What Institutions Fall Under Mexico’s FinTech Law

According to Mexico’s FinTech Law, only three types of fintech entities can be licensed:

  1. Collective financing (crowdfunding) institutions use mobile applications, interfaces, websites, or any other means of electronic or digital communication to connect people or companies seeking financial support with investors.
  2. Electronic money institutions (EMI) offer services for the issuance, management, accounting, and transmission of electronic payments (e.g. electronic wallets).
  3. Innovation model (a.k.a. “sandbox model”) startups are financial services that implement innovative technological activities to simplify financial operations (e.g., platforms for issuing and trading). The FinTech Law allows such organizations to operate under a temporary license without simultaneously complying with all regulatory requirements for two years. As a result, startups are able to test innovative technologies.

All these organizations must get a licence from the National Banking and Securities Commission (CNBV). Even if a foreign FTI has already been registered or licensed by its national authority, it must still apply to the CNBV for a permit to operate in Mexico.

In addition, fintech companies seeking authorization must comply with minimum capital requirements:

  • crowdfunding institutions: 500,000 UDI (an index unit of funds used in Mexico as a stable alternative to Mexican peso) if they provide one type of transaction; 700,000 UDI if they facilitate multiple types of transactions or virtual currency transactions or operate derivatives with underlying virtual assets.
  • EMIs: 500,000 UDI if they carry out in Mexican currency only; 700,000 UDI if they carry out virtual transactions or foreign currency transactions or operate derivatives with underlying virtual assets.

It should be mentioned that several FinTech sectors do not fall under the FinTech Law, including insurance and credit risk.

Requirements After Being Licensed

Having a license to operate as an FTI in Mexico imposes specific responsibilities on organizations.

Legal naming requirements

The FinTech Law also has strict requirements for company names and explicitly prohibits using any abbreviations associated with FTIs without permission. However, authorized FTIs must include words “electronic money institutions” or “crowdfunding institutions” in their company name, depending on their activities.

Requirements for transparency/publicity

The FinTech Law requires licensed companies to publish reports on their financial activities on their website. The crucial provision of the law requires EMIs, including all other FTIs, to explicitly state that no government agency will guarantee or be liable for any funds or assets used in any transaction with an EMI. Such statements must be communicated to clients through their respective web pages, digital applications, other electronic communications, and in advertisements and contractual documents that they enter into with their clients.

Requirements regarding foreign FTIs

Licensed companies are obliged to get authorization from the CNBV for any financial operations with foreign FTIs. The maximum limit for such operations is 1,700 UDI for low-risk clients; there are no limits for everyone else. However, transactions with foreign FTIs cannot take place if they come from high-risk countries or if they have deficiencies in combating terrorism and money laundering.

Disclosure requirements

A company must provide a set of essential financial information to the public. In particular, a licensed fintech company needs to publish:

  • The annual introductory consolidated financial statement on its website, including notes and the independent external auditor’s report.
  • Basic consolidated financial statements with data collected in March, June, and September of each year.
  • The annual report of the sole administrator or CEO, depending on the management model, including comments and analysis of the administrative body on the company’s performance and financial position.
  • A document specifying independent and non-independent managers and indicating the professional profile and work experience of each board member.
  • The total amount of assets, including presented compensation and benefits of any kind, received from FTIs during the last fiscal year by the people constituting the governing body, CEO, and key officers.

In addition, the CNBV, upon issuance or authorization, may request the disclosure of information from the licensed FTIs in accordance with the specified accounting criteria.

Regulations for E-Money Institutions

The FinTech Law also provides regulations that are only applicable to EMIs. Thus, EMIs can delegate the execution of their services to domestic or foreign third-party providers if they consider this necessary for executing their operations successfully. Yet, the law specifies that an EMI remains a legal entity that is liable to their client.

The FinTech Law also states that third-party service providers are not exempt from fulfilling specific obligations, which include the following regulatory requirements:

Supervisory requirements

The CNBV and the Bank of Mexico are authorized to monitor third-party service providers continuously hired by an EMI. Such supervisory powers include the ability of the CNBV and Bank of Mexico to request that EMIs audit their third-party service providers. In such cases, it’s necessary to indicate the purpose of any inspection or audit request. The scope of such inspections is limited to the service under the contract according to the provisions of the FinTech Law and its by-laws.

Risk level classification

EMIs are required to classify clients based on their risk level, which will depend on the outcome of the clients’ due diligence procedures.

Limitations on transaction amounts

EMIs must request permission from the CNBV to receive or transfer cash funds in Mexican Pesos (MXN) to or from their clients. Cash deposit limits per client are $3,290 per month, and cash withdrawals are capped at $490 per day per client. In addition, transfers of funds to or from deposit accounts opened with foreign FTIs are limited to $550 per month per client for accounts classified as low risk. Transactions for individuals are limited to $10,000 per month, while there is no limit on the financial amount of international transfers of funds for corporations.

In comparison, crowdfunding institutions need to be authorized by the CNBV to receive cash funds from their clients up to 3,000 UDI for low-risk clients and 10,000 for other types of clients.


The emergence of the FinTech Law finally closed gaps in legislation regarding crowdfunding institutions, EMIs, and fintech startups, setting rules for conducting fintech operations in Mexico. However, these requirements and responsibilities put fintech institutions in a strict compliance framework, which can entail both economic and legal consequences.

Since the new regulations are strict, it took two years for the first fintech company to be licensed. However, by March 2021, 93 companies were already going through the last stages of the licensing process. Soon enough, more companies may become authorized to operate under the FinTech Law, and the licensing process should become faster and more organized.

Let Sumsub help your company stay compliant with KYC/AML requirements in Mexico. Get in touch with us today.