Contributed By Ritch, Mueller, Heather y Nicolau, S.C.
The Fintech sector in Mexico has seen an important evolution in recent months, since the enactment of the Law Regulating Financial Technology Institutions (Mexican Fintech Law) on 10 March 2018 and the subsequent publication of the General Rules Applicable to Financial Technology Institutions (Fintech General Rules), Circular 12/2018, and the general provisions referred to in Article 58 of the Mexican Fintech Law (the Anti-Money Laundering Provisions which, together with the Fintech General Rules and Circular 12/2018, make up the Fintech Regulations), among other secondary regulation.
According to information published by Finnovista, the Mexican fintech ecosystem saw a net growth of 18% in the number of existing financial start-ups, comparing the figures for May 2019 to those for July 2018. Such growth caused Mexico to recover its leadership, in the middle of 2019, as the largest fintech ecosystem in Latin America with around 394 financial start-ups, slightly ahead of Brazil, the second biggest fintech ecosystem in the region with around 380 financial start-ups.
Notwithstanding the above, the new regulation has generated a degree of uncertainty about the measures to be followed by the new financial start-ups, since many of them will require authorisation from the National Banking and Securities Commission (CNBV) to act as a financial technology institution (FTI). In this regard, it is interesting to note that the CNBV has indicated that only 85 entities that operated prior to the enactment of the Mexican Fintech Law submitted their application for authorisation to act as an FTI before the deadline of 25 September 2019.
It is important to mention that the Mexican Fintech Law and the Fintech Regulations mainly regulate crowdfunding institutions and the institutions engaged in electronic fund payments (E-Money Institutions). Most of the other fintech models are regulated under the laws that existed before the enactment of the Mexican Fintech Law.
Fintech companies in Mexico base their operation on business models that use digital technology to provide financial products and services aimed at meeting the specific needs of certain segments of the market, at the same time generating business opportunities for those seeking to invest their resources. Unlike the large banks or the traditional financial institutions, which are often limited by their operational structure, the cost of service and dependence on an enormous infrastructure, fintech companies have much more freedom to design and innovate in their service proposal. In short, fintech companies generally base their business model on innovation and flexibility.
Several business models have been developed so far in the fintech area. They can be classified in the following four groups:
Among other things, the relatively new Mexican Fintech Law and Fintech Regulations regulate financial services provided by FTIs, as well as their organisation, operation and activities, and the financial services provided thereby that are subject to special regulation since they are offered or performed by innovative means. Mexican Fintech regulation establishes that the FTIs are crowdfunding institutions and E-Money Institutions).
The verticals described in the first three bullet points of 2.1 Predominant Business Models are regulated by the Mexican Fintech Law and the Fintech Regulations. The vertical described in the fourth bullet point is contemplated by several laws, including the Mexican Securities Law and the Insurance Companies Law.
In accordance with Mexican Fintech Law, crowdfunding institutions are required to establish schemes to share the risks of the collective financing transaction with investors, which includes the agreement to collect a portion of the fees subject to repayment of the loan or the offered performance of the project, or any other scheme that allows the alignment of incentives between the FTI and investors. In any case, the fees charged with respect to non-performing loans may not be higher than those charged on outstanding loans granted by the respective FTI.
There are some restrictions on the fees that E-Money Institutions are allowed to charge their customers. For example, Circular 12/2018 sets forth that E-Money Institutions shall allow their clients to make at least one daily withdrawal from an electronic payment funds account through an electronic channel in Pesos, free of any charge. E-Money Institutions also cannot charge interest or fees on loans derived from overdrafts.
Pursuant to Mexican Fintech regulation, one of the CNBV's requirements prior to granting authorisation as an FTI consists in filing the policy related to the disclosure of risks and responsibilities, including the concepts and the amounts of the fees that the FTI intends to charge its clients. Additionally, the business plan filed with the CNBV also needs to describe the fees and any other charge to be collected by the FTI for the services provided to its clients.
Mexican fintech regulation follows some of the general principles established in other Mexican financial laws but differs from the regulation of legacy players. Compared with fintech, the regulation of the traditional financial system is much more structured, with an institutional focus (rather than functional) and developed according to international standards (especially banking regulation which has been developed based on the Basel Accords).
The Mexican Fintech Law provides that legal entities which are not financial entities must obtain authorisation from the CNBV to carry out, through a novel model (as defined below), activities that require authorisation, registration or concession in line with the financial laws (including banking, securities intermediation, foreign exchange transactions and insurance). The financial authorities may grant or deny conditional temporary authorisation to the companies interested in providing financial services through these models; the term of this authorisation is related to the services that are intended to be provided and, initially, may not be longer than two years.
The Mexican Fintech Law also provides that financial authorities may discretionally authorise financial entities, including FTIs, to temporarily carry out operations or activities related to their corporate purpose through "novel models" when exceptions to the legal provisions issued by such authorities are required. This authorisation has an initial term of one year.
In accordance with Mexican regulations, a "novel model" is a model that, for the provision of financial services, uses tools or technological means with modalities different from those existing in the market at the time when the temporary authorisation is granted.
The Mexican Fintech Law recognises the following regulators as the financial authorities for the purposes of such law and its regulations:
Authorisation to act as an FTI is granted by the CNBV upon favourable resolution of the inter-institutional committee which is composed of members of the Ministry of Finance, the Mexican Central Bank and the CNBV. Additional authorisation from the Mexican Central Bank is required if the relevant FTI plans to operate or manage virtual assets or foreign currency.
Authorisation for a non-financial entity to use a novel modelmust be issued to the financial authorities listed above, according to their supervised area of activities. Authorisation for a financial entity to use a novel modelis granted by the corresponding Supervisory Commission upon approval of its respective government board; in the case of activities regulated by general provisions issued by the Ministry of Finance or the Mexican Central Bank, the temporary authorisations will be granted by such supervisory bodies.
Fines may be imposed by the Supervisory Commissions or the Mexican Central Bank and will be enforced by the Ministry of Finance or the Mexican Central Bank, as applicable.
In addition to this, in Mexican Fintech Law and in the Fintech Regulations, additional responsibilities and obligations are set forth for each of the financial authorities. Therefore, a case-by-case analysis is required in order to determine which is the competent authority for the corresponding case.
FTIs can outsource certain services but cannot outsource their regulated functions. In general terms, FTIs may agree with third parties, located in Mexico or abroad, the provision of services necessary for its operation, in accordance with the general provisions issued for such purposes by the CNBV or the Mexican Central Bank, as applicable. Such financial authorities may indicate in those provisions the type of services that will require authorisation to be outsourced. On 25 March 2019, the Fintech General Rules were amended to include a chapter related to the hiring of services by Crowdfunding Institutions. As of 13 January 2020, rules related to the hiring of services by E-Money Institutions have not yet been published by the CNBV and the Mexican Central Bank, although it is expected that such rules will be similar to the rules applicable to Crowdfunding Institutions. In general terms, the Fintech General Rules state that Crowdfunding Institutions will require authorisation from the CNBV to hire services related to:
Where financial entities participate in the capital stock of FTIs, such financial entities may provide technological infrastructures and auxiliary services to support the FTIs’ operations, as long as they obtain the CNBV’s authorisation for such purposes and enter into a service contract in which the transfer prices are clearly established.
The hiring of services with third parties does not exempt FTIs, their directors, employees and other persons with employment, a position or commission therein, from the obligation to observe the provisions set forth in the Mexican Fintech Law or in the general provisions derived therefrom.
The Mexican Fintech Law provides that actions taken in contravention of the law or in contravention of the regulations derived from the law will result in the imposition of administrative and criminal sanctions by the corresponding financial authority.
The confidentiality of the customer’s information is a principle that is recognised in Mexican financial laws, including those that regulate traditional players and fintech entities. In addition to such laws, the Mexican Federal Law on the Protection of Personal Data in the Possession of Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) has as its purpose the protection of personal data held by individuals, in order to regulate its legitimate, controlled and informed treatment to guarantee privacy and the individual's right to self-determination with respect to their information.
Anti-money Laundering Laws
The Mexican Federal Law for the Prevention and Identification of Operations with Resources of Illegal Origin (Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita) is a general law applicable to financial and non-financial institutions that has as its purpose the protection of the financial system and the national economy by establishing measures and procedures to prevent and detect acts or operations that involve illegal resources. In addition to this law, financial entities are subject to various regulations published generally by the Ministry of Finance and the CNBV, as applicable. In the particular case of the fintech sector, the FinTech Anti-Money Laundering Provisions have as their purpose to set forth the measures and procedures to prevent and detect acts, omissions or operations related to the financing of terrorism and operations funded by illegal resources.
There is no particular law that has as its main purpose cybersecurity regulation; rather, there are various provisions throughout Mexico's financial regulation that require financial institutions to establish measures to prevent attacks on the technological networks of these institutions. Note, for example, that the Mexican Fintech Law sets forth, as one of its requirements to obtain authorisation to act as an FTI, the filing of policies related to the disclosure of risks and responsibilities, including confidentiality policies, with evidence that the FTI has safe, reliable and accurate technological support for its clients, and at the least, minimum security standards to ensure the confidentiality, availability and integrity of such information and the prevention of fraud and cyber-attacks.
In Mexico, there is no comprehensive regulation covering social media; however, the Mexican Federal Law on the Protection of Personal Data in the Possession of Private Parties and its regulations, among other statutes and rules, applies to the processing of personal data. This law stipulates that those persons responsible for the processing of personal data must observe the principles of legality, consent, quality, purpose specification, loyalty, proportionality and responsibility.
The Mexican Fintech Law provides that FTIs may be grouped into associations, which may, among others issues, develop and implement standards of conduct and operation that must be met by their members in order to contribute to the healthy development of such institutions.
The Mexican Fintech Law also specifies that the associations may perform periodic evaluations of their members to check that their conduct and operation standards are compliant. If, as a result of such evaluations, the associations become aware of breaches to the provisions set forth in the Mexican Fintech Law or the Fintech Regulations, such associations are under obligation to inform the CNBV of such breaches, notwithstanding the authority of the CNBV to evaluate and verify compliance with legal obligations by the FTIs.
In addition to potential review by fintech associations, the Mexican Fintech Law and the Fintech Regulations specify certain obligations that need to be complied with by the external auditors of FTIs, such as a review of the annual financial statements or reporting irregularities detected during an audit process that may have an impact on the operation of the FTI.
Similar provisions relating to the participation of third parties are also established for other traditional financial institutions in the respective financial laws.
Fintech entities can only offer the products and services set forth in the respective financial laws.
During the last few months, the CNBV has been using the term "closed catalogue" to refer to the activities that the FTIs may perform. In other words, the CNBV has emphasised that FTIs can only offer the products and services specified in the Mexican Fintech Law.
As mentioned in2.2 Regulatory Regime, the Mexican Fintech Law only foresees two types of FTIs, crowdfunding institutions and e-money institutions. Crowdfunding institutions may only perform activities aimed at putting members of the general public in contact to carry out collective debt financing, collective capital financing or collective co-ownership or royalties financing. Said institutions, in addition to their intermediation activities, may only perform the activities indicated in the Mexican Fintech Law for the development of their business.
The services performed with the public in a habitual and professional manner, consisting of the issuance, administration, redemption and transmission of electronic payment funds, by means of certain specific acts, through computer applications, interfaces, internet pages or any other means of electronic or digital communication, may only be provided by e-money institutions. These institutions, in addition to the activities indicated in the law, may only perform the activities indicated in the Mexican Fintech Law for the development of their business.
The robo-adviser is a business model in which the client is provided with online advice and management of its investment portfolio. In particular, in cases where a regulated service is to be provided, including advisory services related to securities, insurance and banking, the entity owning the robo-adviser must be licensed as a particular financial entity.
Although legacy players have recognised the relevance of technology in the investment sector, in Mexico, only a few legacy players have implemented robo-adviser platforms. A few Mexican financial institutions have developed an investment platform which asks clients certain questions and, depending on their answers, the system automatically suggests where and how to invest.
Robo-advisers aim to make an investment simple, low cost and even a fun task for every investor. They are independent of emotions and therefore the decisions they make do not depend on the uncertainties that human beings may have. However, robo-advisers have a limited capacity to explain complex issues and are not able to manage customer questions or make recommendations based on their responses.
In Mexico, practically any person may lend money to any other person. However, Mexican law provides that only Mexican banks or popular financial companies (sociedades financieras populares) may obtain funding from the public for the purposes of re-lending those funds, either by receiving deposits or issuing debt. These entities are subject to regulation and supervision. The FTIs that allow participants to make or receive loans are crowdfunding institutions, which are regulated by the Mexican Fintech Law, the General Provisions and the Anti-money Laundering Provisions. In accordance with the applicable regulation, crowdfunding institutions are subject to certain limitations. As a general rule, these institutions may publish funding requests on their platforms as long as they do not exceed, per transaction, the amount of 50,000 investment units (approximately USD16,800) if the loans are addressed to individuals, or the amount of 1,670,000 investment units (approximately USD562,500) if the loans are addressed to legal entities or individuals with a business activity.
Under Mexican regulation, FTIs cannot obtain loans and credits to establish schemes that allow them to share the risks of the potential transactions promoted on their platforms, unless they obtain authorisation from the CNBV. The requirements to obtain such additional authorisation are set forth in the General Regulations.
The purpose of crowdfunding institutions is to carry out activities aimed at putting people in contact with the general public, so that financing can be provided by them. As indicated above, only with prior authorisation from the CNBV may crowdfunding institutions obtain loans and credits in order to allocate funds to schemes that allow them to share risks with investors.
The loans offered on FTIs' platforms can be syndicated. However, it should be taken into account that FTIs are required to establish controls on their platforms that prevent the same investor from making investment commitments in amounts exceeding the percentages referred to in the General Provisions.
Pursuant to Mexican Fintech Law, FTIs may only receive monies from deposit accounts opened by their clients with an authorised Mexican financial entity. Likewise, FTIs are obliged to deliver monies to their clients through transfers made to their respective accounts opened in authorised Mexican financial entities. As an exception to this, the CNBV may authorise FTIs:
The Mexican Fintech Law recognises that E-money Institutions can act as money transmitters. From a Mexican legal perspective, a money transmitter is an entity that, among other activities, on a regular basis and in exchange for the payment of a consideration or commission, receives monies in Mexican territory, directly at its offices or by electronic means or electronic transfers or by any other means, with the purpose of transferring them, according to the sender’s instructions, abroad or to another place within Mexican territory, in a single payment, to the designated beneficiary.
Fund managers are regulated and supervised. There are basically two types, investment funds and pension funds, both of which are heavily regulated – their administrators require specific authorisations from the CNBV in the case of investment funds and from the National Commission of the Pension Fund System in the case of pension funds. The types of assets in which they may invest and the transactions they may enter into are limited to those expressly permitted by the applicable regulation.
According to Mexican regulations, fund advisers may not impose conditions on funds in terms that differ from the regulations. Generally, regulations impose rules on compliance with contractual terms, protection of the clients, compliance with investment rules and other applicable rules.
Fund managers are required to comply with anti-money laundering and know-your-customer rules. Such rules include reporting obligations in connection with suspicious and unusual transactions.
The three general types of marketplaces and trading platforms (B2B, C2C and B2C) are permissible in Mexico. Marketplaces for cryptocurrencies or virtual assets (as cryptocurrencies are regarded under the Mexican Fintech Law) are not specifically regulated, but entities acting as intermediaries for the purchase and sale of virtual assets are subject to anti-money laundering laws.
Neither the Mexican Fintech Law nor the Circular 4/2019 published by the Mexican Central Bank distinguish between the different virtual assets. The Mexican Fintech Law only specifies that a virtual asset is considered to be a value representation registered electronically and used by the public as a means of payment for all types of legal acts and whose transfer can only be performed through electronic means.
Although the Mexican Fintech Law contemplates, among other things, that E-Money Institutions can operate virtual assets, the secondary regulation published on 8 March 2019 by the Mexican Central Bank limited the operation of such assets by E-Money Institutions. In short, Circular 4/2019 indicates that credit institutions and FTIs may only perform operations with virtual assets as long as those operations are internal operations and subject to prior authorisation granted by the Mexican Central Bank. Circular 4/2019 also indicates that credit institutions and FTIs must prevent, at all times, the transfer (directly or indirectly) of the risks related to transactions with virtual assets to their corresponding clients.
Mexican laws and regulations have not established standards for the listing of virtual assets.
No order-handling rules apply for virtual assets in Mexico.
As mentioned before, regulation published by the Mexican Central Bank does not allow financial institutions (particularly, credit institutions and E-money Institutions) to offer virtual assets to their clients. The main challenge for the Mexican authorities, in the exchange of virtual assets, will be to prevent their use for laundering money and financing terrorism.
No rules related to the best execution of customer trades have been published in Mexico in connection with the exchange of virtual assets.
No rules permitting or prohibiting payment for order flow have been published in Mexico in connection with the exchange of virtual assets.
Although there are no specific rules regarding high frequency and algorithmic trading, rules issued by the CNBV allow Mexican broker dealers to permit certain sophisticated clients to transfer orders directly to the securities market using electronic communications. These clients include Mexican and foreign institutional investors, Mexican and foreign financial institutions, and issuers with securities registered in Mexico. These clients may use high frequency and algorithmic trading using such electronic services.
Exchange-like platform participants are not subject to regulatory regimes.
Such players are not required to register as market makers.
The transactions entered in terms described in 8.1 Creation and Usage Regulations are not subject to best execution rules.
The CNBV rules apply to broker dealers. Funds have no specific rules regarding these types of trades.
There are no rules applicable to this in Mexico at this point.
Mexican regulations do not require registration of financial research platforms.
The issue of spreading rumours or unverified information is not regulated in Mexico.
This question is not applicable under Mexican legislation.
This question is not applicable under Mexican legislation.
The insurtech industry is regulated by the Insurance Law and other laws and regulations applicable to the offering of insurance products.
Different types of insurance are not treated differently by industry participants and by regulators.
Regtech providers are not registered in Mexico.
These terms are negotiated on a case-by-case basis and mostly refer to terms and conditions of service, client protection and confidentiality issues.
Regtech providers do not act as "gatekeepers" under Mexican legislation.
Legacy players are well aware of the necessity to implement new technologies to create more transparent, safe and efficient procedures. Some Mexican financial institutions have announced millionaire investments to develop blockchain technologies that will strengthen security, and have also announced investments focused on the technology sector in order to offer new digital products and services to their customers.
The Mexican Fintech Regulation that has been published so far does not set forth rules for the use of blockchain but it recognises cryptocurrencies as virtual assets.
Blockchain assets are not specifically regulated in Mexico. However, the general rules to operate with virtual assets are established in the Mexican Fintech Law, the Mexican Federal Law for the Prevention and Identification of Operations with Resources of Illegal Origin, and Circular 4/2019.
As mentioned in 12.2 Local Regulators' Approach to Blockchain, issuers of blockchain assets are not regulated by the Mexican Fintech Law.
As mentioned in 7.3 Impact of the Emergence of Cryptocurrency Exchanges, FTIs and credit institutions require additional authorisation from the Mexican Central Bank to perform internal transactions with virtual assets.
No regulation has been enacted in Mexico in connection with peer-to-peer trading of blockchain assets.
There is no particular regulation for funds that invest in blockchain assets, but exchanges are obliged to elaborate and implement a policy for the identification of their clients in terms of the Anti-Money Laundering Provisions. In other words, exchanges are required to integrate a file for each of their clients at the time of signing contracts, providing services and carrying out transactions in order to fully identify them.
See 12.2 Local Regulators' Approach to Blockchain and 12.4 Regulation of "Issuers" of Blockchain Assets.
In accordance with Article 58 of the Mexican Fintech Law, FTIs are required to implement measures for the adequate knowledge of their clients and for such purposes FTIs must consider the antecedents, specific conditions, economic or professional activity and the geographical areas in which they operate. The information collected by FTIs may be used and kept for as long as necessary to comply with the purpose for which it was collected and in accordance with the requirements of applicable laws and regulations, including those set forth in the Mexican Federal Law on the Protection of Personal Data in the Possession of Private Parties.
The Mexican Fintech Law indicates that financial institutions, money transmitters, credit information entities, clearing houses, FTIs and companies authorised to operate with novel models must establish standardised application programming interfaces (APIs) to enable connectivity and access from other interfaces developed or managed by those entities and third parties specialised in information technology in order to share certain types of information, as described in 13.2 Concerns Raised by Open Banking.
To access information through standardised APIs, prior authorisation from the Supervisory Commissions or the Mexican Central Bank, as applicable, is required. The Mexican Fintech Law classifies the information that can be shared among financial institutions, money transmitters, credit information entities, clearing houses, FTIs and companies authorised to operate with novel models as the following types of information:
Open Financial Data
Open financial data consists of data that does not contain confidential information, such as information related to products and services offered to the public, location of offices and branches, and points of access to products and services.
Aggregated data consists of statistical information related to operations carried out by or through the above-mentioned entities, which does not allow the identification of personal transactions or information. Aggregated data can only be accessed by entities that have the authentication mechanisms set forth by the corresponding Supervisory Commissions or the Bank of Mexico, as applicable.
Transactional data includes information related to the use of a product or service, including deposit accounts, credits and withdrawal means contracted on behalf of clients of the above-mentioned entities, among other information related to the transactions made by clients or that clients attempted to perform in their financial infrastructure. Transactional data can only be shared with the prior authorisation of clients.
The publication of the secondary regulation related to open banking is expected before 10 March 2020.
Av. Pedregal 24
Molino del Rey
11040 Mexico City
+52 (55) 9178 email@example.com