Principal Legal Framework
The principal laws governing the banking sector in Mexico are as follows:
Although banks are heavily regulated, the most relevant regulations concerning their operations are as follows:
The principal authorities responsible for supervising banks in Mexico are:
The organisation and operation of a bank in Mexico requires authorisation from the Commission. Prior to granting the authorisation, the Commission must have a favourable opinion of the Central Bank of Mexico with regards to the project. The granting of a bank authorisation is a discretionary authority of the Commission, and such authorisations are non-transferable.
Foreign banks are not allowed to provide banking and credit services through locally established branches, but rather need to establish a subsidiary.
Types of Authorisations
Outside development banks, which are owned by the Federal Government, the Banking Law provides for two types of bank authorisations:
There are very minor differences between these two licences with regard to their corporate organisation, activities and regulation. However, the quantity of information required from the owners of an affiliate bank in the process of authorisation is significantly reduced. Affiliate banks are owned and controlled by a bank established in a foreign country that has entered into a treaty with Mexico. This treaty must contain a provision allowing for the establishment of affiliate banks.
Activities and Services Covered
Article 46 of the Banking Law sets forth a comprehensive list of activities that banks are allowed to perform (including active and passive transactions and financial services). Banks must include in their by-laws the list of activities that they intend to perform. The minimum equity capital requirement for each bank will depend on the activities included in its by-laws. Bank regulations establish three different predefined sets of permitted activities that banks can elect to include in their by-laws, as follows:
Any other combination of permitted activities requires the bank to have the same minimum equity capital as that of the banks that elect to include all of the permitted activities in their by-laws.
The most significant restrictions for banks are the prohibition on acting as underwriters in public offerings of securities and the prohibition on issuing insurance policies.
The process of authorisation is carried out with the Commission and might take between 12 and 18 months. Operations usually commence within 18–24 months after the project has started. The authorisation process involves the following stages:
Thereafter, the bank has 90 days to approve the executed deed of its incorporation. Within 180 days of the approval of the deed of incorporation, the bank requests the Commission to authorise its commencement of operations. Such authorisation involves officers from the financial authorities visiting the bank to test its operations.
At this stage, the applicants must pay the Commission a fee of approximately USD42,500 for the issuance of the bank authorisation and a fee of approximately USD136,000 for the authorisation to commence operations.
After receiving the authorisation to commence operations, the bank may start doing business with the public.
The acquisition and transfer of the shares of a bank in Mexico are subject to the following rules and requirements:
Pursuant to the Banking Law, control over a bank is the ability to impose decisions at the shareholders’ meeting, directly or indirectly. This includes the authority to exercise the voting rights of more than 50% of the shares and the authority to direct the administration, strategy and principal policies of the bank, whether through the ownership of securities or through any other legal means.
In addition, the acquisition of shares or the control of a Mexican bank could require authorisation from the Federal Economic Competition Commission (Comisión Federal de Competencia Económica) for antitrust matters. Likewise, the acquirer should consider the reporting and investment thresholds of the Securities Market Law (Ley del Mercado de Valores) if the shares of the bank are traded in a Mexican stock exchange.
Banks are not restricted from having foreign investors in their equity capital, but foreign governments are only allowed to participate, directly or indirectly, in the stated capital of banks in Mexico in the following circumstances:
The board of directors is the principal corporate body in charge of the corporate governance of a bank in Mexico. The board of directors must be integrated by no fewer than five and no more than fifteen statutory members, at least 25% of whom (rounded upwards) must be independent. Having independent board members is a concept of corporate governance that requires certain board members not to have any professional, business, commercial or family relationship with other directors, the shareholders or other stakeholders of the bank.
The number of officers of the bank that can be members of the board is limited to one third, as long as they are only either the CEO or officers within the two lower levels from the latter. For each statutory director, an alternate director can be appointed, in the understanding that the alternates of independent directors also qualify as independent directors. The board of directors is required to have a meeting at least every quarter and whenever necessary.
The board of directors is required to have certain committees with advisory duties. The bank must have at least an audit committee, a risk committee, a compensations committee (whose functions, subject to complying with certain requirements, may be performed by the risk committee), a communication and control committee (in charge of know-your-customer and anti-money laundering matters) and a related-party transactions committee.
These committees are auxiliary committees to the board of directors, and one or more of their members must be directors. In the case of an audit committee, all of its members must be directors and the majority of them, including the chairperson, must be independent.
The board of directors, at the audit committee’s proposal, is responsible for establishing the objectives and guidelines of the internal control system. The CEO is responsible for implementing the internal control system throughout the organisation. Once implemented, the audit committee is responsible for submitting the organisational chart, the code of conduct, the appointment of external auditors and the evaluation reports of the internal control system for the board’s approval.
The internal audit department, independent of the CEO, is responsible for reviewing the internal control system, both periodically and systematically, while reporting findings and implemented actions to the audit committee.
A bank’s financial information and its control systems are reviewed annually by external auditors and comisarios. The latter are persons appointed by the shareholders’ meeting and are in charge of overseeing the performance of the board of directors in connection with the internal control system.
Directors of a bank in Mexico can only be appointed by the shareholders’ meeting. Pursuant to the Banking Law, all directors need to have technical capabilities, honourability, satisfactory business and credit history and ample financial, legal or administrative knowledge. Most directors of banks in Mexico must be local residents.
No person can act as director for two banks, or a financial group holding companies that own banks, at the same time. The director must inform the shareholders’ meeting if they are the director of another financial entity.
Officers of a bank, including the CEO and all officers within the two hierarchy levels below the CEO, must be residents of Mexico with evidence of at least five years of previous professional experience in positions of high decision-making.
During the processes related to the authorisation of a new bank or to a change of control, the proposed directors, CEO and senior officers of the bank must submit predefined forms and letters for the consideration of the Commission, as well as supporting documentation showing:
Each director and officer will need to sign a letter, addressed to the Commission, with representations as to their honourability and creditworthiness, authorising the Commission to verify all information provided with the corresponding national or foreign authorities.
The Commission has the right to request additional information as it deems convenient, and may approve or reject the proposed appointment at its discretion.
In the ordinary course of business, any appointments of directors or officers must be communicated to the Commission within five business days. In this case, it is the bank that must verify and ensure the compliance of the proposed director or officer with all of the requirements established by law.
The Commission can request the removal of any officer or director that does not comply with the applicable requirements. This can be either at the time of the appointment or at any time thereafter, and the Commission can ban such officers or directors from occupying any positions in the financial sector.
The bank must always open and update, at least annually, a file for each director and officer containing all the information and documentation meeting the applicable requirements.
Banks must permanently implement, maintain and monitor a remuneration system consistent with effective risk management. The purpose of Mexico’s banking remuneration system is to ensure that the ordinary and extraordinary remuneration of its employees, administrative departments, control and business areas and other employees takes into consideration the actual and potential risks related to the individual activities of such employees.
The remuneration system must consider all remuneration, whether in cash or otherwise. It forms part of the internal control system and is ultimately overseen by the board of directors, which is advised on these matters by the remuneration committee, chaired by an independent director.
Unusual remunerations that are determined by individual performance or that of a particular department must not consider exclusively the results of the financial year in which the transactions occurred but also the risks and results seen during a reasonably longer period of time. To this extent, performance reviews must be consistent with and based on results adjusted by present and future risks, liquidity, capital costs and other considerably appropriate variables.
The remuneration system must be flexible enough to allow the bank to reduce or suspend the payment of extraordinary remunerations whenever the bank faces losses or whenever the risk impacts are greater than expected.
A bank’s remuneration system must be updated every year and must be made available to the public via its webpages. The information displayed must include a thorough description of the remuneration system, including qualitative and quantitative information and a mention of the actual remuneration amount paid during the relevant fiscal year, indicating if such remuneration was fixed or variable, paid or deferred, and in cash, stock, other equity instruments or otherwise.
The AML/CFT framework applicable to Mexico is founded on a risk-based approach. Mexican banks must assess their AML/CFT risks yearly, taking the following elements into consideration:
Identification and Follow-Up of Counterparties
Another AML/CFT requirement for banks in Mexico is the conduct of due diligence and know-your-customer exercises. The scope and degree of these requirements depends on whether they are conducted on:
There are simplified due diligence measures available and exemptions to it according to the client’s risk of AML/CFT. There are banking account levels, which begin with reduced due diligence requirements, subject to lower transactional levels. The permitted transactional level of accounts increases along with the increase in the depth of due diligence requirements. This regulation aims to bolster financial inclusion in the country.
Before COVID-19, banks did not have the widespread ability to start a client relationship remotely. However, the Commission has enacted rules that allow banks to remotely execute operations and agreements as long as they verify certain biometric information of customers’ IDs against the information in official records held by authorities like the National Electoral Institute (which issues the most commonly accepted photo identification in the country).
Banks must regularly assess whether their clients have their identifications and documents updated and their transactional behaviour in order to determine the risk they entail to the financial institution.
Banks must maintain internal structures, policies, controls and procedures against financial crime, including the following lines of defence:
Banks must have AML/CFT manuals and training in place, which are regularly shared with the Commission.
Reporting to Authorities
Banks are required to periodically file the following AML/CFT reports:
All these reports have specific thresholds, deadlines and conditions when being filed for the Commission.
Due to the risk of illicit activities between Mexico and the United States, Mexican authorities have implemented restrictions so that Mexican banks are usually restricted in receiving US dollars in cash, except when there is an economic rationale provided in the regulation – for example, receiving funds from legal entities with branches near the border.
The Bank Savings Protection Law (Ley de Protección al Ahorro Bancario) provides for the creation, organisation and functions of the Bank Savings Protection Institute, which is in charge of managing the savings protection fund.
Bank liabilities that are guaranteed by the Bank Savings Protection Institute are mainly on-demand and term deposits, savings accounts and revolving deposits associated with debit accounts, but only up to the amount of 400,000 UDIs per person – or legal entity – per bank (approximately USD152,000).
The deposit insurance to be provided by the Bank Savings Protection Institute to a bank’s depositors will be paid upon determination of the resolution of a bank. Upon payment, the Bank Savings Protection Institute acquires the claim of the depositor against the relevant bank. Any amount not paid by the Bank Savings Protection Institute can be claimed directly by the depositor from the relevant bank.
Obligations of banks in favour of financial entities, companies within the same financial group as the bank, shareholders, board members, the CEO and the officers within the immediately following hierarchy level, general managers and attorneys-in-fact of the bank are not insured by the Institute. In addition, the deposit insurance does not cover:
The deposit insurance is exclusive to bank liabilities and, therefore, does not cover financial products such as mutual funds, insurance products and other liabilities of other financial entities, even if the bank acts as the distributor of such products.
Banks have the obligation to pay ordinary and extraordinary contributions to the Bank Savings Protection Institute as determined from time to time by the governing board thereof. All banks must make monthly ordinary contributions to the Bank Savings Protection Institute in an amount equal to the twelfth part of 0.004 of the bank’s deposits and certain other liabilities. Calculating the standard contribution amount is done by subtracting the following from the total account of each bank’s liabilities:
The Bank Savings Protection Institute may also impose extraordinary contributions on banks, which may not exceed in any one year 0.003 of the deposits of the banks. Extraordinary contributions may be imposed by the Bank Savings Protection Institute when it does not have sufficient resources to satisfy its obligations, given the then-prevailing conditions of the Mexican banking system. Both ordinary and extraordinary contributions, in the aggregate, shall not exceed 0.008 of the liabilities of a bank on any one year.
Bank Secrecy Framework
Banks in Mexico are subject to very strict secrecy rules concerning their customers. Pursuant to the Banking Law, banks in Mexico may not provide any news or information on deposits, bank operations or services, including trusts, to the depositor, debtor, account holder, beneficiary, settlor or principal, their respective legal representatives, or the persons that have been legally authorised to withdraw from the relevant account or to be involved in the corresponding transaction or service.
This secrecy obligation is not related to the reporting obligations of banks with the Commission, the Central Bank, the Bank Savings Protection Institute and the regulators of Mexican banks.
This secrecy obligation will not be considered to have been breached by a bank when information is provided to judicial authorities pursuant to court-issued orders in judicial procedures in which the account holder, settler, beneficiary, trustee or agent is either a plaintiff or a defendant. Furthermore, banks will be exempted from their secrecy obligations and are consequently required to provide information requested by any of the following authorities, typically through the Commission:
Information and documents provided by banks to the authorities in connection with these bank secrecy exemptions may only be used in the proceedings and for the purposes indicated in the relevant request. The persons that acquired knowledge of such information and documents are required to keep them strictly confidential, even if they cease to be public servants. Any breach of this obligation will subject the relevant person to the applicable administrative, civil or criminal responsibilities as provided by law.
In addition, the Banking Law expressly allows the Ministry of Finance and Public Credit, the Commission, the Bank Savings Protection Institute, the Central Bank and the National Commission for the Protection and Defence of the Users of Financial Services, within their respective scope of authority, to give foreign financial authorities any and all information acquired by said Mexican authorities in the performance of their functions. This is provided that the relevant Mexican authority and the relevant foreign financial authority have entered into reciprocity agreements.
In any undue disclosure of bank secrets, the employees and officers of banks responsible for breaches of the secrecy rules and the relevant bank will be required to pay for the damages and lost profits caused by such breach.
In addition, non-compliance by a bank with the bank secrecy provisions set out in the Banking Law is considered a serious breach and can be sanctioned with fines imposed by the Commission, ranging from 30,000 to 100,000 update and measure units (UMAs, as per its acronym in Spanish), that is, approximately USD144,800 to approximately USD482,700.
Capitalisation of Banks in Mexico
The Banking Law requires banks in Mexico to maintain a regulatory capital, expressed as an index (the capital adequacy ratio – ICAP), which shall in no case be less than the sum of the capital requirements associated with (i) market, credit, operational and other risks incurred by banks in their operation; and (ii) their ratio of assets to liabilities.
The Commission, along with other financial authorities in Mexico, has implemented regulations in order to strengthen the composition of the net capital of banks in a manner consistent with the guidelines set forth in the Capital Agreement issued by the Basel Banking Supervision Committee (Basel III Agreement).
Banks in Mexico are required to maintain a minimum capitalisation index, or ICAP, of 8%. The regulatory capital is comprised of Tier 1 and Tier 2 capital. The Common Equity Tier 1 capital must be at least 6%, while the Additional Tier 1 capital ratio must be 4.5%. In addition, banks must maintain a capital conservation buffer of 2.5% of Additional Tier 1 Capital.
Based on their ICAP and their Common Equity Tier 1 and Additional Tier 1 capital ratios, banks will be classified into different categories by the Commission. Such classification may trigger minimum corrective measures and additional special measures that banks must observe in order to improve their capitalisation. Such corrective measures can include the following:
Banks of Local Systemic Relevance
If the Commission determines that a particular bank’s potential non-compliance with the obligations could pose a risk for the stability of the Mexican financial system, a payment system or the economy of the country, said bank will be classified as being of Local Systemic Relevance (Instituciones de Banca Múltiple de Importancia Sistémica Local). Local Systemic Relevance Banks will be classified within different degrees of systematic relevance and will be required to add to their capital conservation buffer an additional percentage of the aggregated risk-weighted assets based on the assigned degree of systematic relevance. This additional percentage will range from 0.60% to 2.25%.
Banks are required to establish risk management mechanisms that allow them to perform their activities with risk levels consistent with their regulatory capital, liquid assets and operational capabilities under normal, adverse and extreme conditions. For said purposes, risk management processes implemented by banks must maintain – both systematically and prospectively – the risk level of their principal transactions within their solvency, liquidity and financial feasibility limits, and their accordance with their desired risk profile. Banks must re-establish the risk level whenever a deviation occurs.
Banks classify their risks into the following three categories:
Banks are required to maintain a capitalisation structure that allows them to cover potential losses derived from all of the risks to which they are or may be exposed under different scenarios, including those in which adverse economic conditions prevail. For these purposes, banks are required to conduct annual stress tests to assess whether they have the necessary capital and to design and maintain a contingency plan (similar to living wills in other jurisdictions), which must be approved by the Commission.
The board of directors of the bank is responsible for approving the desired risk profile, the risk management framework, the risk exposure levels and the risk tolerance levels, as well as contingency plans (including the contingency financing plan). The board of directors is also responsible for overseeing that the bank has sufficient capital to cover all of its risk exposure.
The CEO is responsible for ensuring that the business units and the risk management department of the bank remain independent from each other at all times, and for co-ordinating the risk management programmes and duties.
The board of directors must create a risk committee to oversee that all transactions performed by the bank are made within the desired risk profile, the integral risk management framework and the risk exposure limits approved by the board.
Banks are required to calculate their Liquidity Coverage Ratio measured in accordance with the Basel III Agreement. The liquidity obligations of banks in Mexico are outlined by the Bank Liquidity Regulation Committee and implemented by the Commission and the Central Bank. The Commission is also responsible for overseeing compliance with the liquidity requirements applicable to Banks.
The Bank Liquidity Regulation Committee is responsible for dictating the guidelines for the establishment of the liquidity requirements of banks. Such guidelines have the purpose of ensuring that banks will be able to meet their payment obligations in different terms and under different scenarios, including under economically adverse conditions. This committee is integrated by high-level officers of the Ministry of Finance, the Central Bank and the Commission.
Banks must have a financial contingency plan as part of their risk management system, clearly setting out the strategies and policies to be observed and the procedures to follow if there are unexpected liquidity events or trouble liquidating assets. This financial contingency plan must be submitted annually to the Commission, which can subsequently order that changes and amendments be made to it.
If a bank does not comply with its liquidity obligations or determines that it will not comply with them in the future, it shall immediately notify the Commission thereof. In this case, the Commission may require the relevant bank to:
Furthermore, the Commission can impose additional measures on banks that have a Liquidity Coverage Ratio of less than 90%.
Banks in Mexico must have certain minimum levels of capital. Banks capitalisation rules follow the Basel III risk-based capital regulations issued by the Basel Committee on Banking Supervision. Capital requirements concern both a minimum equity capital and regulatory capital amounts. Capitalisation is an important indicator of a bank’s financial health, a reduction of which, depending on its level, could:
Once a bank’s capitalisation index falls below 10.5%, said bank will be subject to minimal corrective measures or special additional corrective measures imposed by the Commission, depending on its actual level of capitalisation. Minimal corrective measures include:
Special additional corrective measures include hiring external auditors; refraining from increasing compensation and entering into certain types of transactions; substituting officers, directors and auditors; carrying out transactions to reduce exposure to risk; and amending deposit-taking policies.
A bank with capitalisation below 8% (but higher than 4.5%) may apply to continue as an ongoing business under a conditioned operation regime. To have access to the conditioned operation regime, the bank must:
The trust referred to above shall allow the Bank Savings Protection Institute to exercise economic and corporate rights of those shares in the following circumstances:
The trust will be terminated once the bank reaches and maintains the minimum required ICAP in three consecutive months. The bank must otherwise undergo a resolution process.
The resolution of a bank consists of the actions or procedures implemented by the financial authorities on a bank that is facing solvency or liquidity issues that affect its financial viability. These actions or procedures ensure a proper liquidation (or in certain exceptional cases its restoration) for the protection of depositors, the stability of the financial system and the proper functioning of payment systems.
Generally, a bank resolution process will conclude with the administrative or judicial liquidation of the bank. In exceptional cases, the bank will be rehabilitated. As a general rule, once the Commission has revoked the bank’s authorisation, the Bank Savings Protection Institute will determine whether the liquidation of the bank shall be either judicial or extrajudicial. If the Bank Stability Committee determines that a potential default in the bank’s obligation could trigger negative or adverse effects in other banks or financial institutions, compromising their stability or solvency and, as a consequence, the stability or solvency of the financial system or the proper functioning of payment systems, the resolution can be either through equity capital provided by the Bank Savings Protection Institute, provided that the bank applied for a conditioned operation regime, or through loans granted by the Institute if the bank did not.
In the case of supportive equity contributions, the Bank Savings Protection Institute will initiate the selling of a bank’s shares – including those of its shareholders – following the rules set out in the Banking Law. If the Bank Savings Protection Institute provides a loan to the relevant bank, all of the shares issued by the bank will secure the loan until the shareholders of the bank subscribe and pay a capital increase to pay for said loan. If the shareholders do not make this contribution, the Bank Savings Protection Institute will automatically acquire the shares and will sell them thereafter in accordance with the rules set out in the Banking Law.
Liquidation of the Bank
The Bank Savings Protection Institute will act as the liquidator of the bank and will generally be responsible for terminating and concluding all pending business of the bank, including the settling of accounts and the disposition of rights and assets, with a goal to obtain the best price or conditions in connection therewith under strict transparency rules.
In doing the above, the Bank Savings Protection Institute can elect to proceed with the transfer of all or some of the assets and liabilities of the bank to another existing bank or to a bank created for such purposes by the Bank Savings Protection Institute, or to proceed with any other transaction that the Bank Savings Protection Institutes considers as the best option to protect the interests of depositors.
When making any of the foregoing decisions, the Bank Savings Protection Institute will ensure that the cost of any such decision is less than the total estimated cost of paying the deposit insurance over all insured deposits of the bank.
In all instances, the Bank Savings Protection Institute will ensure that all insured deposits are covered in the terms required by law to all depositors.
All actions of the authorities in the process of the resolution and liquidation of banks in Mexico are considered to be in the interests of public order and society. Claims against such actions do not subsequently carry the possibility of suspension. If a claim against such actions prevails, the claimant will only be entitled to the payment of damages and losses.
The required minimum equity capital of banks in Mexico varies, depending on the activities that each bank elects to include as part of its corporate purpose.
Permitted activities of banks are set out in Article 46 of the Banking Law (the “Permitted Activities”). Pursuant to said article, banks are authorised to:
In connection with the Permitted Activities, the Banking Law and the related provisions consider the following options:
Notwithstanding the differentiation of banks with respect to their minimum paid-in equity capital and the requirements regarding their permitted activities, all banks in Mexico – regardless of their size, footprint or business model – are subject to exactly the same set of financial, internal control, compliance and reporting regulations. An exception to this is the very specific set of measures imposed on systemically important banks (see 8.1 Capital, Liquidity and Related Risk Control Requirements).
Based on the foregoing, medium and smaller banks – and banks that specialise in a particular product or business – have for some time been requesting the creation of a differentiated regulatory regime that recognises their specialised business model, market and geographical presence. This would allow them to assume regulatory costs that are better aligned with their size and systemic relevance, allowing them to invest more resources in their specific products and consumers.
Despite the fact that this discussion has been taking place for numerous years, many key players in the financial market have been vocal about the issue and it is likely we will see an effort from both banks and the financial authorities (notably, the Commission) to achieve a differentiated regulatory framework among banks.
A differentiated regulatory framework could have a significant impact on the banking sector and, while it certainly presents a major challenge for authorities, it could foster the expansion and growth of small, medium and specialised banks.
The Mexican financial authorities have continued working towards creating an improved regulatory framework that addresses financial inclusion. This is one of the most urgent matters to address in Mexico, where a very low number of persons have access to financial services provided by duly licensed financial entities.
The efforts of the authorities in this respect have been and will continue to be focused on establishing adequate consumer protection mechanisms and financial education, while also providing for robust technology mechanisms to facilitate remote access and operations. Subsequently, the Mexican government has established a Financial Inclusion National Policy (Política Nacional de Inclusión Financiera). One of the Policy’s objectives is to ensure that (by 2024), 77% of Mexicans are using at least one formal financial product from an authorised financial entity. In order to achieve this goal, the Mexican government recognises the need for the private, social and public sectors of its society to work together.
It is likely that regulators will act to ensure that the principles of the policy are implemented and that banks, as well as other financial entities, can develop new channels and products to increase the number of persons that have access to and use financial services and products.
A significant measure taken in this regard was the amendment of the Banking Law and the Mexican Federal Civil Code in March 2020, allowing individuals to open banking cash deposits and use the applicable funds from the age of 15 (the age of consent in Mexico is 18 years old), without the intervention of their parents or tutors. Nonetheless, those underage individuals shall not be able to get loans with a charge to the deposit accounts in analysis.
Another measure put in place to enhance financial inclusion is the simplification of the authorisation of banking correspondents. In Mexico, banks can provide financial services to the public via certain correspondents, who must be allowed to do so by the Commission. The amendments to the applicable regulation, issued in September 2021, consider the risk of the operations executed through the correspondent in order to determine the requirements that such correspondent must comply with in order to be authorised as such by the Commission. In that regard, there are low-risk operations like the payment of banking loans, taxes and services, which only require a notice to the Commission, and there are medium and high-risk correspondent services (eg, account opening) that require the authorisation of the Commission. This is an advance for the development of differentiated regulation between types of banks, as referred to above.
Liquidity Requirements Applicable to Banks
In August 2021, the Commission and the Mexican Central Bank jointly issued the General Rules on Liquidity Requirements for Banks (Disposiciones de Carácter General sobre los requerimientos de liquidez para las Instituciones de Banca Múltiple), which entered into force in March 2022.
These rules follow the guidelines issued by the Banking Liquidity Regulation Committee, which is integrated by the Secretary and Undersecretary of the Ministry of Finance and Public Credit, the president of the Commission, and the Governor and two deputy governors of the Mexican Central Bank. According to these regulations, banks must keep liquid assets of high credit quality to face liquidity needs and obligations for 30 days. Furthermore, the liabilities of the banks must have term and stability features related to the term and liquidity characteristics of the banks’ assets.
Such rules contemplate two ratios:
Banks must report their estimations of these ratios to the Central Bank.
These rules also contemplate scenarios where, depending on their liquidity (estimated by the Liquidity Coverage Ratio and the Net Stable Financing Ratio), banks can be subject to the following corrective measures:
Total Loss Absorbing Capacity
In June 2021, the Commission issued rules to comply with the requirements of Total Loss Absorbing Capacity (TLAC) for the Domestic Systemically Important Banks. These rules enable this specific type of bank to be resilient and have the ability to absorb losses and recapitalise itself, passing losses to investors and reducing the need for government bailouts. TLAC is in addition to the other regulatory capital required (for example, the ICAP), and, in order to comply with the international standard, it must be equal to at least 6.5% of risk-weighted assets.
The requirements to supplement the net capital of the banks shall be enforceable in December 2022, and banks must comply with the totality of this requirement by December 2025.
Public Clarification of Who Can Provide Banking Services
In December 2020, the Commission issued two public clarifications stating that:
Increased Supervision of the Banking Sector
The Commission has shown increased interest in the adequate knowledge of the levels of capitalisation of the Mexican banking sector and has demonstrated enhanced supervision in the Mexican banking sector.
Digitalisation and Fintech Environment
After the enactment of the Mexican Fintech Law (Ley para Regular las Instituciones de Tecnología Financiera) in 2018 and particularly after the beginning of the COVID-19 pandemic, the fintech industry has seen a boost in Mexico. Customers that typically were underserved by typical banking institutions have started to access financial services through Fintech applications, particularly in the e-payments, crowdfunding and microfinance sectors.
The digitalisation of the financial services is a trend that has seen solid growth during 2022, and is expected to continue growing during the coming years. As part of this trend, traditional banks have also sought to digitalise their products and services to reach to broader bases of clients, and will continue to see fierce competition from the disruptive fintech participants.
While the use of digital platforms has resulted in the increase of cyber-attacks and increased risks of theft of digitalised personal information, it is expected that Mexican regulators will continue to strengthen regulation on banks to prevent these risks from materialising, while continuing to foster digitalisation of the financial industry as a whole.
There have been no specific banking regulatory requirements related to ESG matters.
Torre del Bosque – PH
Blvd. Manuel Ávila Camacho #24
Col. Lomas de Chapultepec
11000 Ciudad de México
+52 55 55 40 96 00
+52 55 55 40 96 firstname.lastname@example.org www.whitecase.com
Technological Developments in Finance
Technological developments in finance continue to accelerate in Mexico. The Mexican economy and its financial sector have benefited from tailwinds related to the nearshoring process that is taking place in North America, higher commodity prices, low levels of government and private debt, normalised interest rate environment and favourable demographics. These tailwinds have helped a dynamic fintech sector.
This article will describe the specific trends and developments in the use of technology by Mexican banks, especially in connection with the applicable regulations in the country. We will focus on the following trends:
These aspects are usually included in queries by non-Mexican investors interested in providing financial services (particularly banking services) in the country by using novel technologies.
The integration of the financial and non-financial sectors is a global trend. Mexico has not been the exception. There has been significant interest in the integration of payment processing, e-wallets, lending, securities trading and insurance in non-financial platforms.
Mexican financial regulators have been conservative in their approach to embedded finance and banking-as-a-service (BaaS) models. In the last couple of years, several regulatory actions were taken against the first movers in this space. Informal criteria related to these types of activities are currently being discussed by regulators with several interested entities, such as differentiated look and feel requirements for regulated and non-regulated entities and activities.
It is understood that financial regulators have been working on new regulations to set the basic standards for these types of activities, including the issuance of a bespoke regulatory framework for “banking digital agents” that would clarify the rules pursuant to which banks may provide financial services through third parties and using digital means. A clear regulatory framework in this respect would be welcome to provide certainty for the banking and fintech industry and may accelerate the development and innovation in this space.
One of the groundbreaking aspects of the Mexican Law to Regulate Financial Technologies Institutions (Ley para Regular las Instituciones de Tecnología Financiera) (the “Fintech Law”) is the requirement for certain financial entities operating in Mexico (including banks) to establish standardised application programming interfaces (commonly known as APIs) to allow the exchange of the following data among financial entities:
The model of open banking considered in the Fintech Law can enhance the user experience of financial services consumers and fulfil the needs of underserved groups, in line with the financial inclusion public policy efforts of the Mexican government, serving objectives like the improvement of socio-economic conditions, tackling financial crimes, and decreasing the informal and submerged economy of the country.in 2020
In 2020, the CNBV issued the Fintech Law’s implementing regulations in connection with APIs for banks. However, such regulation refers only to open financial data.
Mexican regulators continue working on the regulations for APIs to exchange transactional data, focusing on security measures to protect customer information. When issued, such regulations should be pivotal to implement the “open banking” model in Mexico envisaged in the Fintech Law.
Mexican regulators have started legal enforcement actions against certain types of online lenders locally known as “monta deudas”. Regulators claim that some of these “monta deudas” may have used illegal and overly aggressive collection practices and in some cases may be related to criminal groups. There is no visibility yet on the merits of all these actions or if the entities subject to these enforcement actions are actually performing these activities.
No specific regulatory framework has been issued in connection with BNPL activities performed through digital means. However, such activities are subject to consumer protection regulations issued by the Financial Services Consumer Protection Agency (“Condusef”), in the case of financial entities providing the services, or by the Federal Consumer Protection Agency (“Profeco”), in the case of commercial companies not subject to the supervision of financial regulators.
Throughout the Mexican financial sector, authorities have undertaken efforts to allow the provision of services and on-boarding through digital means, and the banking sector has been at the forefront of those measures. For example, in 2020, the CNBV amended the General Rules applicable to Banks in order to allow legal entities to open bank accounts with the maximum level of transactionality via digital means.
Previously, only individuals could open bank accounts remotely.
The Fintech Law provides that Mexican banks may conduct transactions with crypto-assets, as specified by the regulation issued by the Mexican Central Bank (“Banxico”). However, the regulations issued by Banxico in 2019 in this respect provide that Mexican banks shall only conduct transactions with virtual assets in connection with “internal operations” – ie, those activities that banks undertake internally either to provide loans, take deposits and provide other services to clients, or on behalf of the bank itself, thereby effectively ruling out the possibility of banks conducting such transactions using virtual assets with clients.
This restriction on Mexican banks operating with virtual assets for the public is still in place and reflects the concerns of Mexican banking regulators with respect to transactions by banks in the crypto space.
While banks and other financial entities have been restricted from offering crypto-related services to clients, cryptocurrency-related activities are not generally prohibited in Mexico. Although this is an evolving issue, the current regulatory position is that non-financial entities may offer services related to cryptocurrencies, including the sale and purchase of crypto, without the need for obtaining particular licences. However, the Mexican Anti-Money Laundering Law (Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita) considers as a “vulnerable activity” the following: (i) exchange of crypto in a customary or professional manner carried out through electronic or digital platforms managed or operated by cryptocurrency exchanges, or (ii) offering of any means of services consisting in the custody, storage or transfer of crypto.
Persons that perform any “vulnerable activities” are required to, among other obligations:
Moreover, the UIF has also interpreted that the custody, exchange or transfer of cryptocurrencies targeted to or performed with persons located in Mexico, that is carried out through the use of technological infrastructure located outside Mexico or by companies formed outside Mexico, is subject to the requirements of the Anti-Money Laundering Law.
Foreign entities subject to these AML regulatory obligations have complied with them in a number of ways, including through the formation of a Mexican subsidiary that is registered with the SAT and gathers the required KYC information and files applicable reports.
In Mexico, banks have repeatedly proven their importance as the basis of the country’s financial system. The adoption of technology into their different business models is inevitable and poses interesting challenges from the legal perspective, among others. Therefore, it is important to be aware of the Mexican regulatory landscape, particularly heading towards the efforts of economic recuperation after the COVID-19 pandemic.
Torre del Bosque – PH
Blvd. Manuel Ávila Camacho #24
Col. Lomas de Chapultepec
11000 Ciudad de México
+52 55 55 40 96 00
+52 55 55 40 96 email@example.com www.whitecase.com