FinTech 2019 Comparisons

Last Updated June 06, 2019

Law and Practice

Authors



Ritch, Mueller, Heather y Nicolau, S.C. has 20 partners and 106 lawyers, who between them speak English, French, German and Spanish. Their key practice areas are capital markets, banking and finance, financial Institutions, corporate governance and compliance. The firm is assisting several Fintech entities in their authorisation processes with the CNBV.

The most significant evolution in Mexico was that the Law regulating Financial Technology Institutions (the Mexican FinTech Law) became effective on 10 March 2018. In addition: (i) the National Banking and Securities Commission (the CNBV) issued on 10 September 2018 the General Rules Applicable to Financial Technology Institutions (the FinTech General Rules); (ii) Banco de México, Mexico’s central bank issued on the same date Circular 12/2018 regulating the operations of electronic payments companies; and (iii) the Ministry of Finance issued the general provisions referred to in Article 58 of the FinTech Law (the Anti-Money Laundering Provisions – together with the FinTech General Rules and Circular 12/2018, the FinTech Regulations).

The FinTech Law and the FinTech Regulation will provide local FinTech companies with certainty and an operating framework that will allow them to grow. According to information published by Finnovista, during the last months Mexico has made great progress in the development of its FinTech sector and has positioned itself as potentially one of the most important FinTech hubs in the world. During 2017, Finnovista pointed out that Mexico was positioned as the largest FinTech ecosystem in the region with 238 start-ups. Pursuant to the 2018 edition of FinTech Radar (published by Finnovista), the FinTech ecosystem in Mexico increased its size to reach 334 FinTech start-ups, which left the country behind only Brazil in Latin America. Such figure represents an increase of approximately 100 new companies from 2017 to 2018 and an annualised growth of 40% during the period. Undoubtedly, one of the factors that will most impact the evolution of the FinTech sector in Mexico will be the responsiveness to the new regulation by the entities that offer financial products and services.

FinTech companies in Mexico base their operation on business models that use digital technology to provide financial products and services aimed at meeting specific needs of certain segments of the market, generating at the same time business opportunities for people who seek to invest in its resources. Unlike the large banks or the traditional financial institutions, which are often limited by their operational structure, the cost of service and dependence on an enormous infrastructure, FinTech companies have much more freedom to design and innovate in their service proposal. In short, FinTech companies base their business model on innovation and flexibility.

Several business models have been developed so far in the FinTech area. In Mexico they can be classified in the following four groups:

  • collective financing or crowdfunding model (includes debt and capital transactions and gathers platforms that allow participants to make or receive loans or to invest in the capital stock of a company);
  • e-money, payments and transfer model (combines the payment with the payment management which gives added value to the transaction and reduces transaction costs);
  • personal finance management model (includes platforms for loans, savings, insurance, investments and derivatives, as well as platforms for educational and cultural purposes); and
  • development model (this model is an initial development model destined to become a definitive model after a certain period of time, also known as a sandbox).

As previously mentioned, the Mexican FinTech Law and the FinTech Regulations are brand new.

The Mexican FinTech Law and the FinTech Regulations, among other matters, regulate financial services provided by financial technology institutions (FTIs), as well as their organisation, operation and activities and the financial services provided thereby that are subject to special regulation since they are offered or performed by innovative means. Mexican FinTech regulation establishes that the FTIs are crowdfunding institutions and the institutions engaged in electronic fund payments (e-money institutions).

Mexican FinTech regulation follows some of the general principles established in other Mexican financial laws but differs from regulation of legacy players. Compared with FinTech, the regulation of the traditional financial system is much more structured, with an institutional focus (rather than functional) and developed pursuant to international standards (especially the banking regulation which has been developed based on the Basel Accords).

The Mexican FinTech Law provides that legal entities which are not financial entities must obtain authorisation from the CNBV to carry out, through a novel model (as defined below), activities that require authorisation, registration or concession pursuant to the financial laws (including banking, securities intermediation, foreign exchange transactions and insurance). The financial authorities may grant or deny a conditional temporary authorisation to the companies interested in providing financial services through these models; this authorisation shall have a term related to the services that are intended to be provided and, initially, may not be longer than two years.

The Mexican FinTech Law also provides that financial authorities may discretionally authorise financial entities, including FTIs, temporarily to carry out operations or activities related to their corporate purpose through novel models when exceptions to the legal provisions issued by such authorities are required. This authorisation shall have an initial term of one year.

Pursuant to Mexican regulations, a 'novel model' shall be understood as a model that, for the provision of financial services, uses tools or technological means with modalities different from those existing in the market at the moment in which the temporary authorisation is granted.

The Mexican FinTech Law recognises the following regulators as the financial authorities for purposes of such law and the regulations derived therefrom: the CNBV; the Mexican National Insurance and Bonding Commission (Comisión Nacional de Seguros y Fianzas, the CNSF); the Mexican National Commission for the Protection and Defence of Financial Services Users (Comisión Nacional para la Protección y Defensa de los Usuarios de los Servicios Financieros, the CONDUSEF); the Mexican National Retirement Savings System Commission (Comisión Nacional del Sistema de Ahorro para el Retiro, the CONSAR – together with the CNBV, the CNSF and the CONDUSEF, the Supervisory Commissions); the Mexican Central Bank and the Ministry of Finance.

Authorisations to act as an FTI are granted by the CNBV upon favourable resolution of the inter-institutional committee which is composed of members of the Ministry of Finance, the Mexican Central Bank and the CNBV. An additional authorisation to be granted by the Mexican Central Bank is required if the relevant FTI is expecting to operate or manage virtual assets or foreign currency.

Authorisations to use novel models by non-financial entities must be issued to the financial authorities listed above, according to their supervised area of activities. Authorisations to use novel models by financial entities shall be granted by the corresponding Supervisory Commission upon approval of its respective Government Board; in the case of activities regulated by general provisions issued by the Ministry of Finance or the Mexican Central Bank, the temporary authorisations will be granted by such supervisory bodies.

Fines may be imposed by the Supervisory Commissions or the Mexican Central Bank and will be enforced by the Ministry of Finance or the Mexican Central Bank, as applicable.

In addition, in the Mexican FinTech Law and in the FinTech Regulations, additional responsibilities and obligations are set forth for each of the financial authorities. Therefore, a case-by-case analysis would be required in order to determine who the competent authority is for the corresponding case. 

FTIs can outsource certain services but cannot outsource their regulated functions. In general terms, the FTIs may agree with third parties, located in Mexico or abroad, the provision of services necessary for its operation, in accordance with the general provisions issued for such purposes by the CNBV or the Mexican Central Bank, as applicable. Such financial authorities may indicate in those provisions the type of services that will require authorisation to be outsourced.

If financial entities participate in the capital stock of FTIs, those financial entities may provide technological infrastructures and auxiliary services to support the FTIs operations, as long as they obtain the CNBV’s authorisation for such purposes and enter into a service contract in which the transfer prices are clearly established.

The hiring of services with third parties shall not exempt the FTIs, their directors, employees and other persons with an employment, position or commission therein, from the obligation to observe the provisions set forth in the Mexican FinTech Law or in the general provisions derived therefrom.

The Mexican FinTech Law provides that acts made in contravention of the law or in contravention of the regulations derived from the law will result in the imposition of administrative and criminal sanctions by the corresponding financial authority.

The confidentiality of the customer’s information is a principle that is recognised in Mexican financial laws, including those that regulate traditional players and FinTech entities. In addition to such laws, the Mexican Federal Law on the Protection of Personal Data in the Possession of Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) has as its purpose the protection of personal data held by individuals, in order to regulate their legitimate, controlled and informed treatment to guarantee privacy and the right to individuals' information self-determination.

The Mexican Federal Law for the Prevention and Identification of Operations with Resources of Illegal Origin (Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita) is a general law applicable to financial and non-financial institutions that has as its purpose the protection of the financial system and the national economy by establishing measures and procedures to prevent and detect acts or operations that involve illegal resources. In addition to this law, the financial entities are subject to various regulations published generally by the Ministry of Finance and the CNBV, as applicable. For the particular case of the FinTech sector, the FinTech Anti-Money Laundering Provisions has as its purpose to set forth the measures and procedures to prevent and detect acts, omissions or operations related to the financing of terrorism and operations with resources of illegal origin.

There is no particular law that has as its main purpose cybersecurity regulation, but rather there are various provisions throughout the financial regulation that require financial institutions to establish measures to prevent attacks on the technological networks of these institutions. Note, for example, that the Mexican FinTech Law sets forth, as one of the requirements to obtain the authorisation to act as an FTI, the filing of policies related to the disclosure of risks and responsibilities, including confidentiality policies, with the evidence that the FTI has a safe, reliable and accurate technological support for its clients with the minimum security standards to ensure the confidentiality, availability and integrity of such information and the prevention of fraud and cyber-attacks.

In Mexico, there is no comprehensive regulation covering social media; however, the Mexican Federal Law on the Protection of Personal Data in the Possession of Private Parties and its regulations, among other statutes and rules, applies to processing of personal data. Pursuant to this law, those persons responsible for the processing of personal data shall observe the principles of legality, consent, quality, purpose specification, loyalty, proportionality and responsibility.

The Mexican FinTech Law provides certain obligations that need to be complied with by the external auditors of the FTIs, such as the review of the annual financial statements or the reporting of irregularities detected during an audit process that may have an impact on the operation of the FTIs. Those obligations are also established for other traditional financial institutions in the respective financial laws.

The idea of ​​the Mexican federal government is that FinTech entities can only offer products and services that are regulated. As aforementioned, the Mexican FinTech Law provides only two types of FTIs, crowdfunding institutions and e-money institutions.

Crowdfunding institutions may only perform activities aimed at putting members of the general public in contact to carry out collective debt financing, collective capital financing or collective co-ownership or royalties financing. Said institutions, in addition to their intermediation activities, may only perform the activities indicated in the Mexican FinTech Law for the development of their business.

The services performed with the public in a habitual and professional manner – consisting in the issuance, administration, redemption and transmission of electronic payment funds, by means of certain specific acts, through computer applications, interfaces, internet pages or any other means of electronic or digital communication – may only be provided by e-money institutions. These institutions, in addition to the activities indicated in the law, may only perform the activities indicated in the Mexican FinTech Law for the development of their business.

The robo-adviser is a different business model in which the client is provided with online advice and management of its investment portfolio. In particular, in cases where a regulated service is to be provided, including advisory services related to securities, insurance and banking, the entity owning the robo-adviser must be licensed as a financial entity, as the case may be.

Although legacy players know about the relevance of the technology in the investment sector, in Mexico only a few legacy players have implemented robo-advisers platforms. A few Mexican financial institutions have developed an investment platform through which certain questions are answered by the client and the system automatically suggests where and how to invest.

Robo-advisers aim to make an investment simple, low-cost and even a fun task for every investor. They are independent of emotions and therefore the decisions they make do not depend on the uncertainties that human beings may have. However, robo-advisers have a limited capacity to explain complex issues and are not able to manage customer questions or make recommendations based on their responses.

In Mexico, practically any person may lend money to any other person. Mexican law provides that only Mexican banks or non-bank banks may obtain funding from the public for the purposes of relending those funds, either by receiving deposits or issuing debt. These entities are subject to regulation and supervision. The FTIs that allow participants to make or receive loans are crowdfunding institutions, which are regulated by the Mexican FinTech Law, the General Provisions and the Anti-Money Laundering Provisions. In accordance with the applicable regulation, crowdfunding institutions are subject to certain limits. As a general rule, these institutions may publish funding request on their platforms as long as they do not exceed, per transaction, the amount of 50,000 investment units (USD15,000 approximately) if the loans are addressed to individuals, or the amount of 1,670,000 investment units (USD520,000 approximately) if the loans are addressed to legal entities or individuals with a business activity.

Under Mexican regulation, FTIs cannot obtain loans and credits to establish schemes that allow them to share the risks of the potential transactions promoted on their platforms unless they obtain authorisation from the CNBV. The requirements to obtain such additional authorisation are set forth in the General Regulations.

The purpose of crowdfunding institutions is to carry out activities aimed at putting people in contact with the general public, so that financing can be provided among them. As indicated above, only with prior authorisation from the CNBV may crowdfunding institutions obtain loans and credits in order to allocate funds to schemes that allow them to share risks with investors.

The loans offered on FTIs' platforms can be syndicated. However, it should be taken into account that the FTIs shall establish controls on their platforms that prevent the same investor from making investment commitments in amounts exceeding the percentages referred to in the General Provisions.

Payment processors may create or implement new payment rails. The Mexican FinTech Law provides certain obligations to FTIs and financial institutions in order to establish standardised application programming interfaces (APIs) to enable connectivity and access from other interfaces developed or managed by those entities and third parties specialised in information technology to share certain type of information, which would not constitute a violation of financial secrecy obligations. FTIs and financial institutions interested in obtaining access to such information will need the prior authorisation of their corresponding supervisory commissions.

Fund managers are regulated and supervised. There are basically two types, investment funds and pension funds, both of which are heavily regulated – their administrators require specific authorisations from the CNBV in the case of investment funds and from the National Commission of the Pension Fund System. The types of assets in which they may invest and the transactions which they may enter into are limited to those expressly permitted by the applicable regulation.

According to Mexican regulations, fund advisers may not impose conditions to the funds in terms that differ from the regulation. Generally, regulations impose rules on compliance with contractual terms, protection of the clients, compliance with investment rules and other applicable rules.

Fund managers are required to comply with anti-money laundering and know-your-customer rules. Such rules include reporting obligations in connection with suspicious and unusual transactions.

Although the Mexican FinTech Law includes provisions for the establishment of trading platforms for cryptocurrencies, the relevant regulations have not been issued by Banco de Mexico as of 28 February 2019. These will be different from the existing securities and derivatives trading platforms and exchanges.

The regulatory regimes applicable to the different crypto-currencies would depend on the regulations to be issued.

Banco de México has yet to issue regulations with respect to this matter. As of 28  February 2019, no such regulations have been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 2019, no such regulations have been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 2019, no such regulations have been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 2019, no such regulations have not been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 2019, no such regulations have been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 28 2019, no such regulations have been published.

Although there are no specific rules regarding high-frequency and algorithmic trading, rules issued by the CNBV allow Mexican broker dealers to permit certain sophisticated clients to transfer orders directly to the securities market using electronic communications. These clients include Mexican and foreign institutional investors, Mexican and foreign financial institutions, and issuers with securities registered in Mexico. These clients may use high-frequency and algorithmic trading using such electronic services.

Such participants are not subject to regulatory regimes.

Such players are not required to register as market-makers.

The transactions entered in terms described above in 8.1 Creation and Usage Regulations are not subject to best-execution rules.

The above-described rules apply to broker dealers. Funds have no specific rules regarding these types of trades.

There are no rules applicable to this point.

Mexican regulations do not require registration of financial research platforms.

The issue of spreading rumours or unverified information is not regulated in Mexico.

This question is not applicable under Mexican legislation.

This question is not applicable under Mexican legislation.

InsureTech is not regulated in Mexico.

Different types of insurance are not treated differently by industry participants and by regulators.

RegTech providers are not registered in Mexico.

These terms are negotiated on a case-by-case basis and mostly refer to terms and conditions of the service, client protection and confidentiality issues.

RegTech providers do not act as 'gatekeepers' under Mexican legislation.

Legacy players are well aware of the necessity to implement new technologies to create more transparent, safe and efficient procedures. For example, Santander Mexico announced, some months ago, a USD750 million investment to develop blockchain technologies that will strengthen security and integrate crypto-currency exchange into the financial system. Other bank institutions, such as Citibanamex and Scotiabank Mexico, have indicated that their investments are focused on the technology sector in order to offer new digital products and services to their customers.

The Mexican FinTech Regulation that has been published so far does not set forth the rules for the use of blockchain but it recognises the crypto-currencies as virtual assets. It is important to mention that, pursuant to the Mexican FinTech Law, FTIs will only be able to operate with virtual assets to be determined by the Mexican Central Bank through certain general provisions which shall be published before 10 March 2019. Under such general provisions, the Mexican Central Bank will establish the terms and conditions that FTIs shall observe for transactions with virtual assets.

As mentioned before, currently blockchain assets are not particularly regulated in Mexico. However, if we consider that a virtual asset, such as the bitcoin, may be a blockchain asset, then we can say that the general rules to operate with virtual assets are established in the Mexican FinTech Law. Pursuant to such law, a virtual asset is considered to be a value representation registered electronically and used by the public as a mean of payment for all types of legal acts and whose transfer can only be performed through electronic means.

Issuers of blockchain assets are not regulated by the Mexican FinTech Law. However, as described above, the Mexican Central Bank has yet to define the conditions and restrictions of the transactions and other acts that may be performed with virtual assets.

As mentioned before, under the Mexican FinTech Law, virtual assets operators should receive an authorisation from the CNBV to act as an FTI and keep their transactions transparent and audited. An additional authorisation from the Mexican Central Bank will also be required to perform transactions with virtual assets.        

No regulation has been enacted in Mexico in connection with peer-to-peer trading of blockchain assets.

There is no particular regulation for funds that invest in blockchain assets, but FTIs are obliged to elaborate and implement a policy for the identification of their clients in terms of the Anti-Money Laundering Provisions. In other words, FTIs are required to integrate a file for each of their clients at the time of signing contracts, providing services and carrying out transactions in order to fully identify them.

Please refer to 12.2 Local Regulators' Approach to Blockchain and 12.4 Regulation of 'Issuers' of Blockchain Assets, above.

In accordance with Article 58 of the Mexican FinTech Law, the FTIs shall implement measures for the adequate knowledge of their clients and for such purposes the FTIs will consider the antecedents, specific conditions, economic or professional activity and the geographical areas in which they operate. The information collected by FTIs shall be used and kept for as long as it is necessary to comply with the purpose for which it was collected and in accordance with the requirements of applicable laws and regulations, including those set forth by the Mexican Federal Law on the Protection of Personal Data in the Possession of Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares).

The Mexican FinTech Law indicates that the financial institutions, money transmitters, credit information entities, clearing houses, FTIs and companies authorised to operate with novel models must establish standardised application programming interfaces (APIs) to enable connectivity and access from other interfaces developed or managed by those entities and third parties specialised in information technology in order to share certain type of information, as described below.

To access information through standardised APIs, prior authorisation from the Supervisory Commission or the Mexican Central Bank, as applicable, is required. The Mexican FinTech Law classifies the information that can be shared among the above-mentioned entities as the following types of information: (i) open financial data, (ii) aggregated data, and (iii) transactional data.

The open financial data consist of data that does not contain confidential information, such as information related to products and services offered to the public, location of offices and branches, points of access to products and services. Aggregated data consist of statistical information related to operations carried out by or through the aforementioned entities, without containing a level of disaggregation that would allow the identification of personal transactions or information. Transactional data includes information related to the use of a product or service, including deposit accounts, credits and withdrawal means contracted on behalf of clients of the above-mentioned entities, among other information related to the transactions made by clients or that clients attempted to perform in their financial infrastructure. The aggregated data can only be accessed by the entities that have the authentication mechanisms set forth by the Supervisory Commissions or the Bank of Mexico, as applicable. Transactional data can only be shared with the prior authorisation of clients.

Ritch, Mueller, Heather y Nicolau, S.C.

Av. Pedregal No. 24 10th floor
Molino del Rey,
Mexico City,
Mexico

+52 55 9178 7000

pperezalonso@ritch.com.mx www.ritch.com.mx
Author Business Card

Law and Practice

Authors



Ritch, Mueller, Heather y Nicolau, S.C. has 20 partners and 106 lawyers, who between them speak English, French, German and Spanish. Their key practice areas are capital markets, banking and finance, financial Institutions, corporate governance and compliance. The firm is assisting several Fintech entities in their authorisation processes with the CNBV.

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.