Blockchain 2023 Comparisons

From an economic and market perspective, the fall of FTX and multiple other global factors, such as high inflation and high reference rates from central banks, have resulted in a reduction in financing being granted to start-ups. According to data derived from an analysis by Transactional Track Record, the amount of venture capital investments in favour of Mexican start-ups fell 60.83% in the first three months of 2023.

From a legal point of view, the bankruptcy of FTX alerted regulators in different countries to the need for cryptocurrency exchanges to be regulated not only in terms of preventing operations using resources of an illicit origin, but also in terms of prudential matters focused on maintaining solvency, liquidity, risk management and capitalisation levels, among others, in order for the exchanges to be able to respond at all times to clients' requests for the withdrawal of resources or assets, in addition to following policies of account separation (separation between those accounts that keep the funds with which the company operates and those in which the assets of its customers are deposited).

In Mexico, to date, no bill has been submitted to the Mexican Congress of the Union to regulate and supervise in prudential matters the companies that regularly and professionally offer the exchange of virtual assets, facilitating or carrying out purchase, sale, custody, storage or transfer operations of such assets ("Virtual Assets Transactions").

In Mexico, interest in learning about and applying blockchain technology in business models has been growing exponentially.

Companies have further developed their technological infrastructure to offer a wider range of products and services to their customers, such as the following.

• Cryptocurrency exchanges are digital platforms that provide the service of exchanging virtual assets between bidders and offerors, either through operations executed peer-to-peer or through a client-server network. In addition, the client can now perform staking operations in some of the exchanges operating in Mexico, generating rewards in either cryptocurrencies or stablecoins, determined according to the applicable annual percentage yield (APY) and after the agreed term. Some of the exchanges that offer some of the products mentioned above include Bitso (a Mexican unicorn), Bitrus, Latamex and Mercado Pago through Paxos.
• Sending remittances: blockchain technology has allowed users of financial services to dispense with the use of traditional financial entities, with high commissions and long waiting times, and start using some exchanges that facilitate their operation with virtual assets or stablecoins, sending and receiving resources to and from different jurisdictions.
• Software as a service: this requires a licence to use the back-end technology infrastructure developed in blockchain in favour of other companies to be at the forefront of the provision of services or products (B2B2C), decentralised finance (DeFi) or payment processing with virtual assets, among others.
• Digital credentials: professional degrees, diplomas and credentials can be registered through blockchain technology. The Instituto Tecnológico de Estudios Superiores de Monterrey is one of the most influential universities in the country and founded Mostla, a platform that allows students to access their electronic degree registered on the blockchain.
• Use for popular elections: through biometric recognition and the validation of official IDs, companies such as NA-AT Technologies could implement technology to initiate electronic voting in popular elections and keep it protected in the blockchain, making it impossible to alter and allowing the origin of the device to be traceable. This has not been completely ruled out by the federal government – specifically the President of the United Mexican States, the Congress of the Union and the National Electoral Institute.
• Digital signatures: electronic signatures with blockchain certification allow documents to be unique and unrepeatable. Weetrust and TRATO are examples of platforms that provide blockchain certificates for signature validation.

With the publication of the Law to Regulate Financial Technology Institutions (the “Fintech Law”), virtual assets have been regulated in Mexico. Virtual assets are defined as the representation of value registered electronically and used among the public as a means of payment, whose transfer can only be carried out through electronic means.

If a company offers the exchange of virtual assets, the facilitation or performance of the purchase, sale, custody, storage or transfer of such assets is subject to compliance with the obligations regarding the prevention of money laundering (AML/CFT) derived from the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin (the “Anti-Money Laundering Law”), its Regulations and General Rules (the “Anti-Money Laundering Legal Framework”). This could include activity that is carried out by automated market makers and wallet aggregators.

To date, there is no express regulation that specifically contemplates each of the products to be offered through DeFi protocols in blockchain.

However, beyond the technology that could be used as underlying technology or support for the offering of different products or services, it would be necessary to consider each of the activities that would be developed in order to analyse whether they require the prior obtaining of a registration, authorisation or concession (“reserved activities”) from any of the financial authorities, such as the Ministry of Finance and Public Credit (MFPC), the National Banking and Securities Commission (NBSC), the National Insurance and Bonding Commission (NIBC), the National Commission of the Retirement Savings System (NCRSS) or Banco de México.

In principle, the regular and professional performance of portfolio management services, making investment decisions on behalf of third parties, the regular and professional provision of advice and analysis, and the issuance of investment recommendations on an individual basis are activities reserved for investment advisers or brokerage firms by the financial regulation. In order to operate as such, such firms must obtain prior registration or authorisation from the NBSC. These activities could fall within the scope of decentralised prediction markets.

On the other hand, the publication of the Fintech Law has regulated activities aimed at putting people from the general public in contact with each other for the purpose of granting financing. This activity was reserved in favour of companies known as Collective Financing Institutions (CFI or crowdfunding). Companies wishing to carry out such activity must previously follow an authorisation procedure with the NBSC in order to operate as a CFI. This activity could fall under the scope of decentralised synthetic investment platforms.

In relation to the activities carried out by decentralised lending platforms, it should be noted that in Mexico the granting of loans or credit is a commercial activity that does not require prior registration, authorisation or concession from any financial authority so both financial entities and non-financial entities (as defined below) can carry them out. However, as with virtual assets transactions, in terms of the Anti-Money Laundering Legal Framework, the granting of loans or credit by non-financial entities is considered a vulnerable activity and therefore must comply with AML/CFT obligations. See 7.1 Decentralised Finance Platforms regarding integrating a platform to put people from the general public in contact so that they can grant financing to each other.

See 3.3 Stablecoins regarding the issuance and trading of stablecoins.

In conclusion, beyond the technology that supports a certain operation, the product or service that is being offered to the general public in national territory must be analysed in order to determine whether or not a reserved activity is being carried out. If such activity is being carried out without the corresponding registrations, authorisations or concessions, it could result in the possibility of being sanctioned with either fines or imprisonment.

In Mexico, non-fungible tokens (NFTs) have mainly been issued to represent:

• works of art;
• access passes to events;
• recognitions or diplomas; or
• the right to claim monetary benefits.

In view of the above, it should be noted that the auction or commercialisation of works of art involving purchase or sale transactions of such goods for a value equal to or greater than the equivalent of 2,410 Units of Measurement and Updating (approximately MXN250,000 or USD14,130) is also considered a vulnerable activity in terms of the Anti-Money Laundering Legal Framework. Therefore, its performance entails having to comply with AML/CFT obligations.

On the other hand, the Securities Market Law (SML) establishes that “security” refers to those credit instruments that represent the capital stock of a legal entity, part of an asset or the participation in a collective credit or any individual credit right. In this sense, if an NFT is issued and commercialised to grant its holder any of the rights described above, it could meet the definition of security and, therefore, its public offer would have to be previously authorised by the NBSC.

In the above context, it will be necessary to determine the legal nature of the NFT in order to determine the applicable regulatory framework, which will require a case-by-case analysis.

Since the publication of the Fintech Law, credit institutions (“banks”), Electronic Payment Fund Institutions (EPFIs) and CFIs (the latter two together: “financial technology institutions”, or FTIs) have been allowed to carry out virtual asset transactions determined by the Mexican Central Bank (Banxico).

Through Circular 4/2019, Banxico established a “healthy distance” between cryptocurrencies or virtual assets and the Mexican financial system. Therefore, banks and FTIs are not authorised to carry out operations with virtual assets directly or indirectly with their clients or users.

It is worth mentioning that, through the same Circular, Banxico established an authorisation procedure to be followed by the aforementioned entities that intend to carry out internal operations with such assets, provided that no risk is transferred to the client or end user in such operation. As far as is known, no authorisation has been issued for these internal operations; however, if issued, each authorisation will be effective only and exclusively in favour of the entity that has requested it.

Notwithstanding the above, the Fintech Law provides a possible solution for financial entities to use virtual assets by generating the possibility of filing an authorisation application to operate as a “regulatory sandbox”. This is an experimentation space that allows companies and financial entities to offer financial services to a determined number of people, using technological and innovative tools that represent a benefit in favour of the client, so that they can be tested in a limited and controlled environment, where their potential can be assessed without having to strive to comply with rigid regulation.

To date, only commercial companies that are not financial entities as they do not carry out a reserved activity (“non-financial entities”) may offer and carry out virtual asset transactions subject to compliance with the Anti-Money Laundering Legal Framework; the supervision of such is the responsibility of the Tax Administration Service (TAS).

It is worth mentioning that the use of blockchain technology per se is not prohibited for any type of company, and that its use will be subject to the applicable regulations regarding the protection of personal data, cybersecurity and the use of electronic media. In fact, on 7 June 2023, the National Procedures Code was published and for the first time in Mexico, terms such as “blockchain” and “metaverse” were defined and recognised. In addition, information, electronic documents or data messages contained or stored on a blockchain were established as potential evidence.

Although, in the past, the possibility for the parties in trial to present evidence stored in technological media had been contemplated, to ensure the validity of such electronic evidence, it has been required that this type of evidence be presented together with evidence that the information contained in the data message has remained intact and unaltered from the time it was first generated and, in such terms, is therefore accessible for subsequent consultation. For this purpose, it is necessary to comply with the requirements contemplated in the Mexican Official Rule NOM-151-SCFI-2016 issued by the Ministry of Economy that establishes the requirements for the digitisation and preservation of such data messages.

The  National Procedures Code breaks the previous rule by recognising the existence of information, electronic documents or data messages contained or stored on a blockchain, and not only this but it confers full proof to the type of data contained in a public blockchain. The fact that it confers full proof means that by its mere contribution as proof in court, the related fact is proved. In this sense, it is no longer up to the offeror to prove that the requirements related to the digitisation and preservation of data have been met, but it is up to the counterparty to provide elements to disprove it, either by demonstrating the violation or manipulation of the information contained in the public blockchain. In addition, the National Procedures Code became the first law to contemplate the metaverse as a space for trial hearings. In addition, the National Procedures Code became the first regulation to expressly contemplate the metaverse as a space for trial hearings.

Recommendation 15 of the Financial Action Task Force (FATF) in relation to virtual assets and virtual asset service providers (VASPs) states: “To manage and mitigate the risks emerging from virtual assets, countries should ensure that virtual asset service providers are regulated for AML/CFT purposes, and licensed or registered and subject to effective systems for monitoring and ensuring compliance with the relevant measures called for in the FATF Recommendations.”

Derived from the 3rd Enhanced Follow-up Report & Technical Compliance Re-Rating followed by the June 2018 Mutual Evaluation Report, the FATF rated Mexico as being “Largely Compliant” with said recommendation.

The offering of virtual asset transactions by VASPs in Mexico is considered a reserved activity subject to compliance with the Anti-Money Laundering Legal Framework.

The obligations that exist in this matter include the following:

• to obtain registration before the TAS;
• to obtain registration in the Internet Portal System (“AML Portal”) managed by the TAS;
• to file monthly notices with the Financial Intelligence Unit (FIU), through the AML Portal, containing information from those clients who in the last six months have accumulated purchase or sale transactions for at least 645 Units of Measurement and Updating (approximately MXN66,912 or USD3,723);
• to record the transactions carried out by each client within the last six months;
• to designate a representative before the MFPC who is in charge of complying with the obligations set forth in the Anti-Money Laundering Legal Framework;
• to collect information and documentation established in the forms issued by the MFPC for each type of client with whom it is intended to carry out transactions;
• to safeguard the information and documentation provided by clients for at least five years;
• to screen the lists provided by the FIU and the company's clients;
• to prepare a compliance manual in which the criteria, measures and internal procedures to comply with the provisions of the Anti-Money Laundering Legal Framework are detailed; and
• to provide the information that, if applicable, is required by the MFPC, the TAS, the FIU or another competent authority.

In Mexico, in accordance with Article 73, Sections X and XXIX-F of the Political Constitution of the United Mexican States, the power to issue laws on matters of commerce and technology lies with the Congress of the Union. In addition, the National Procedures Code referred to in 2.1 Regulatory Overview, was issued by this Congress based on Article 73 Section XXX of the aforementioned Political Constitution.

As in the case of financial regulations, laws may delegate the power to issue secondary regulations to governmental/administrative bodies that specialise in a certain sector or subject matter.

To date, there is no specific regulation regarding the use of blockchain technology per se, except as set forth below and applicable only toEPFIs.

In this sense, the following two regulators are also relevant in relation to the execution of virtual asset transactions.

Banxico

Through the publication of Circular 4/2019, the Central Bank established a “healthy distance” between virtual assets and the Mexican financial system, and established an authorisation procedure to be followed by banks, EPFIs or CFIs that intend to carry out internal transactions with such assets, provided that no risk is transferred to the client or end user in such transaction.

In addition, by virtue of the provisions of Circular 12/2018, EPFIs that wish to use blockchain technology associated with any of the virtual assets in the performance of operational processes must follow an authorisation procedure before Banxico.

Ministry of Finance and Public Credit

Based on the fact that only non-financial entities may offer the execution of virtual asset transactions directly to their clients in Mexico, this governmental body is relevant since it has the power to issue and reform the General Rules referred to in the Anti-Money Laundering Law, which detail the existing obligations on AML/CFT matters.

In Mexico, there are no self-regulatory organisations or trade groups that perform regulatory or quasi-regulatory roles with respect to businesses or individuals using blockchain.

In Mexico, to date there has been no judicial decision related to the interpretation of the legal regime applicable to the use of blockchain.

However, administrative fines have already been issued by the NBSC to financial entities that have offered virtual asset transactions to their clients without complying with the corresponding regulatory framework.

To date, communications and criteria have been issued by the MFPC, the NBSC, Banxico and the FIU regarding the offering of native blockchain tokens, as well as foreign VASPs offering operations in national territory.

The most relevant are as follows.

Joint Communication by the MFPC, the NBSC and Banxico, Dated 13 December 2017

Through this joint statement, the aforementioned financial authorities warned about financing schemes known as initial coin offerings derived from the issuance of different types of tokens.

These tokens whose acquisition grants certain rights in favour of the token holder to acquire ownership of other certain assets or part of the profits generated by the project, among others, are recognised as Security Tokens and, therefore, the regulation provided for in the SML and secondary provisions may be applicable, necessitating a request for authorisation from the NBSC in order to carry out a public offering in national territory.

The SML establishes that a public offering is understood as an offer, made in Mexican territory through mass media and to an undetermined person, to subscribe, acquire, dispose of or transfer securities, by any title (“public offering”).

Joint Communication by the MFPC, the NBSC and Banxico, Dated 28 June 2021

In June 2021, Banxico, the MFPC and the NBSC issued a communication through which they announced their position regarding the exchange, purchase, sale, custody, storage or transfer of stablecoins. In this sense, the authorities differentiated between virtual assets and stablecoins.

In the words of the authorities, stablecoins are “units of monetary value that are digitally stored in non-centralised registries (Distributed Ledger Technology) to generate a collection right over the issuer… A digital unit of value that is associated to the value of a fiat currency”.

Under this order of ideas, the offering and commercialisation of stablecoins, under the authorities' criteria, are equivalent to the activity of fundraising, which is a reserved activity that requires authorisation from the financial authorities before it can be carried out; doing so without the corresponding authorisations could be subject to monetary penalties and up to 15 years of imprisonment.

Interpretation Criteria Issued by the FIU, Dated August 2021

Through this interpretation criteria, the FIU established, in accordance with international standards on the matter, that non-financial entities engaged in virtual asset transactions with their clients in national territory are also required to comply with the Anti-Money Laundering Legal Framework, even if they are incorporated abroad or if the technological infrastructure that allows the performance of such transactions is located abroad.

The use of blockchain technology per se is not prohibited for any type of company, and its use will be subject to the applicable regulations regarding the protection of personal data, cybersecurity and the use of electronic media.

However, it should be noted that the Fintech Law provides for a “regulatory sandbox”, which may be requested by both non-financial entities and financial entities that wish to provide a financial service whose performance requires registration, authorisation or concession as it is considered a reserved activity.

The regulatory sandbox is a space for experimentation that allows non-financial entities and financial entities to offer financial services to a determined number of people, using technological and innovative tools that represent a benefit in favour of the client, so that they can be tested in a limited and controlled environment, in which their potential can be assessed without having to comply with rigid regulation.

To date, the tax regulation has not been modified to consider the use of blockchain or cryptocurrencies.

The way in which companies that only act as intermediaries in the execution of virtual asset transactions are taxed – as opposed to those companies that have different virtual assets to subsequently execute the purchase orders of their clients – is subject to the interpretation of the regulation.

In addition, the TAS has not issued any criteria to distinguish between the regimes applicable to virtual assets, stablecoins and assets that have acquired legal tender in other jurisdictions (and therefore could be understood as foreign currency), among other tokens with different usability.

As a result of the publication of the Fintech Law, the Financial Innovation Group was created as a consultation, advisory and co-ordination body whose purpose is to establish a space for the exchange of opinions, ideas and knowledge between the public sector (MFPC, NBSC, NIBC, NCRSS, CONDUSEF and Banxico) and the private sector, to learn about innovations in financial technology and plan their orderly development and regulation. Part of the group's objective is to analyse the needs generated by advances in technology on a daily basis, in order to re-evaluate the application of regulations and promote their reform. Legal Paradox has had the pleasure of being invited to address various blockchain topics before this Group

The most recent regulation regarding blockchain is provided by the National Procedures Code (see 2.1 Regulatory Overview); however, there has not yet been any reform to financial regulation, the Fintech Law or secondary provisions establishing the specific regime applicable to financial entities regarding the use of blockchain or allowing transactions to be carried out with the different types of tokens native to this technology.

The general rules on contractual matters apply to the transfer of ownership. In this sense, the purchase and sale are verified at the moment when there is an agreement on the price and the object to be transferred. However, due to the characteristics of the technology that supports it, the transfer of ownership may be subject to a suspensive condition in the sense that it is not verified until the corresponding validations have been carried out in the network.

Mexican regulation of the different types of tokens that can be issued in blockchain only contemplates virtual assets as the representation of value registered electronically and used among the public as a means of payment, and whose transfer can only be carried out through electronic means.

Therefore, by virtue of the different tokens that can be issued (NFTs, utility tokens, security tokens, exchange tokens, DeFi tokens), it will be necessary to analyse the right that comes with holding the token in order to conclude whether it could be considered as a Security and, therefore, be subject to the application of the SML or any other financial regulation.

Although the Joint Communication dated 13 December 2017 (see 2.6 Enforcement Actions) was issued, it should be noted that this type of communication cannot be considered as a legal order that binds individuals to its compliance; however, it establishes a guideline to know the criterion that the authority has decided to take in this regard.

Therefore, a request for interpretation of the Fintech Law or the SML for administrative purposes could be filed with the MFPC to define the legal treatment that this type of token will receive. The resolution issued by the authority will legally bind the applicant to comply with it.

The regulation expressly states that legal tender in national territory, foreign currency or any other asset denominated in legal tender or foreign currency shall not be considered as virtual assets.

In this sense, stablecoins (ie, tokens or digital units of value associated with the value of a fiat currency) do not meet the definition of virtual assets, so they cannot be given the same legal treatment.

Taking this into account, as well as the Joint Communication dated 28 June 2021 (see 2.6 Enforcement Actions), it could be interpreted that carrying out transactions with stable currencies could be equivalent to the activity of fundraising, which is a reserved activity for financial entities in Mexico, so it would be necessary to obtain prior registration, authorisation or concession from the competent financial authorities.

Likewise, this type of communication cannot be considered as a legal order that binds individuals to comply with it. Therefore, a request for interpretation of the Fintech Law for administrative purposes could be filed with the MFPC to define the legal treatment of stablecoins.

The essential characteristic of virtual assets in the form in which they are regulated today is to act as a means of payment. In this context, there is no regulatory restriction in this regard.

In Mexico there is no regulation that expressly covers the creation, marketing or sale of NFTs. However, it would be necessary to consider the characteristics of the NFT in order to determine whether it is a vulnerable activity under the Anti-Money Laundering Legal Framework (for example, if works of art are auctioned or commercialised through the issuance and commercialisation of the NFT) or a reserved activity under the SML when setting the definition of value.

In addition, it is necessary to determine the legal nature of the NFT on a case-by-case basis, in order to determine whether the sale of such asset is taxable.

Different tokens are traded in the market, such as virtual assets, NFTs, utility tokens, exchange tokens, DeFi tokens, stablecoins and precious metals-backed tokens, among others.

The market is divided between custodial and non-custodial exchanges. To date, no decentralised exchange has been developed in Mexico but 1inch, Voltswap, XDEFI Wallet and Biswap, among others, can be accessed from Mexico.

In Mexico, there are three main methods to purchase crypto:

• by making a transfer to a deposit account and then using that balance within the same platform to purchase the asset;
• by making a transfer to the exchange to only view the crypto balance on the platform; or
• by making a charge to a debit or credit card to view the crypto balance on the platform.

There are exchanges in which you are allowed one or more of the following withdrawal methods once you have a balance in crypto:

• to exchange one asset for another;
• to transfer crypto to another wallet; or
• to sell your assets at market price and, once the order is executed, receive the fiat currency in a deposit account provided by a financial entity that is authorised to receive funds from the general public.

There are currently no restrictions on the amounts or funding or withdrawal mechanisms.

On the other hand, money transmission is a reserved activity for money transmitters or other types of financial entities.

In simple terms, in order to operate a money transmitting business, it is necessary to obtain prior registration in the Register of Money Transmitters managed by the NBSC. Such companies receive resources in local or foreign currency, directly in their offices, by electronic means or by any other means, on a regular basis and in exchange for the payment of a fee, with the sole purpose of delivering them, in a single transmission, to the designated beneficiary abroad or in the national territory, according to the instructions of the sender.

Carrying out money transmission without the corresponding registration carries fines of up to 100,000 Units of Measurement and Updating (approximately MXN10,073,433 or USD577,337) and up to 15 years' imprisonment.

Since virtual asset transactions are a vulnerable activity in terms of the Anti-Money Laundering Legal Framework, AML/CFT obligations must be complied with.

One such obligation is to identify the type of customer with whom a commercial relationship is entered into. To this effect, the MFPC has issued General Rules and formats through which it establishes the information and documentation that, as a minimum, must be requested from customers, whether they are:

• individuals of Mexican nationality or foreign nationality with temporary or permanent residence in Mexico;
• foreign individuals without temporary or permanent residence in Mexico;
• Mexican legal entities;
• Mexican legal entities under public law;
• foreign legal entities;
• embassies, consulates or international organisations with residence in Mexico;
• financial entities; or
• trusts, among others.

The VASP or whoever performs the vulnerable activity must conduct transactional monitoring in order to submit notices to the FIU, through the AML Portal, in those cases in which there is information based on facts or indications that the client's assets may come from or be destined to favour or provide aid, assistance or co-operation of any kind for the commission of the crime of money laundering operations, financing of terrorism or related to these, within 24 hours of the information becoming known.

On the other hand, the FIU issues a list through the AML Portal, which contains the names of persons linked to the crimes of money laundering or terrorist financing; the FIU may consider other lists issued by national authorities (such as the TAS regarding simulated operations) and international organisations (such as the United Nations Security Council) or authorities of other countries (such as OFAC), which are recognised as having been officially issued in terms of the international instruments to which Mexico is a party.

VASPs must screen their clients against the aforementioned list during the onboarding process and in relation to each of the transactions they perform. In the event of a match, they have to file a notice with the FIU, through the AML Portal, within 24 hours of the information becoming known.

For more information regarding the obligations arising from the Anti-Money Laundering Legal Framework, please see 2.2 International Standards.

The power to regulate in matters of commerce lies with the Congress of the Union. However, as mentioned in 2.3 Regulatory Bodies, it may delegate the power to issue technical or specialised regulations in certain matters to certain administrative agencies.

In the case of financial entities, the administrative authorities to which the power to issue regulations related to virtual assets is delegated are the MFPC, the NBSC and Banxico.

In the case of non-financial entities that carry out operations with virtual assets, an important administrative authority is the MFPC, which issues the General Rules mentioned above, detailing the obligations on AML/CFT matters that must be complied with by those who carry out this type of operation.

If fraudulent practices are carried out through operations with virtual assets or other types of tokens, there are consumer protection regulations, in addition to criminal penalties for such conduct.

In relation to price manipulation in the market, if the token meets the characteristics to be considered a Security, such conduct would be sanctioned in accordance with the SML.

As exchanges are regulated solely on AML/CFT matters, there are no regulatory limits on an exchange's ability to re-hypothecate the digital assets they hold for customers to third parties.

This issue would be addressed precisely if there were prudential regulations in Mexico that could apply.

There are no specific regulations in Mexico applicable to businesses that provide hot or cold storage solutions for private cryptographic keys that control the ability to give instructions with respect to digital assets.

However, it will be necessary for such projects to comply with the rest of the general regulatory framework, relating to personal data protection, consumer protection, etc.

The performance of virtual asset transactions is a commercial activity.

However, it should be noted that, in Mexico, in accordance with Article 103 of the Credit Institutions Law, the offering to receive funds from an undetermined person through mass media, through any act causing a liability, being obliged to cover the principal (the amount originally received) and, if applicable, the financial accessories (interest), is a prohibited activity unless it is carried out by a financial entity that is authorised for such purpose.

Therefore, if the holding of the tokens entails participation in the capital stock of a legal entity, part of an asset or a collective or individual credit, it could meet the definition of security and, therefore, have to follow an authorisation procedure with the NBSC to be an issuer of securities and receive the resources of the general public derived from its placement.

Exchanges or non-financial entities that perform virtual asset transactions are subject to compliance with the rules contained in the Anti-Money Laundering Legal Framework, the Federal Consumer Protection Law, the Federal Law for the Protection of Personal Data in Possession of Private Parties and the Federal Law for the Protection of Industrial Property, among others.

If the tokens qualify as securities, the following applies:

• the issuer of the tokens must follow an authorisation procedure with the NBSC to carry out its public offering;
• the placement of the securities must be made through an authorised intermediary, which in Mexico are brokerage firms, banks, retirement fund administrators, mutual fund operating companies and mutual fund share distribution companies;
• the requirements for listing the securities on a Mexican Stock Exchange must be met; and
• other obligations established in the SML and secondary provisions must be complied with.

Notwithstanding the developments discussed in 2.1 Regulatory Overview, there are no specific regulations regarding the distribution of tokens through airdrop or other similar mechanisms that do not necessarily involve the purchase of the token.

However, if the legal nature of the token is a virtual asset and it is transacted from a non-financial entity, the Anti-Money Laundering Legal Framework must be complied with.

However, depending on the specific legal nature, an analysis must be made in order to determine the correspondent legal framework.

There are no special regulations applicable to investment funds that invest in digital assets; they can do so under their general regime.

In October 2022, BBVA (the bank with the largest assets in Mexico) launched the first investment fund: BBVADIG. Its portfolio is composed of investments in the fintech sector, Web3, tokens and the digital economy, among others.

On the other hand, the Banxico provisions contained in Circular 4/2019 are applicable to CFIs, as FTIs, so they cannot carry out virtual asset transactions with their clients.

However, the regulation does not forbid the financing of blockchain-based projects through CFI platforms. In this context and in relation to ESG principles, Red Girasol® is an intermediary in the financing of any type of environmental or social impact project for a cleaner future. Its mission is to connect society to create better conditions for future generations. To date, it has achieved the financing of more than MXN167,180,167 (approximately USD9,422,954) through its platform, which is destined for clean energy projects, harnessing resources for Mexican homes and businesses, financing the acquisition of materials and equipment with a sustainable approach, and bitcoin mining projects with low environmental impact (powered by solar energy, or some other renewable energy). To date, according to the projects published and financed through this institution, more than 99,033,725 tons of carbon dioxide have been avoided.

If a CFI would like to perform virtual asset transactions internally, it should request prior authorisation from Banxico, demonstrating that no risk is transferred to its clients.

In addition to the above, if a CFI would like to directly make an investment in blockchain-based projects, it could request authorisation from the NBSC to adopt an incentive alignment scheme in the projects in which its clients invest; it can do so as long as it can prove that such investment was made to a company that provides auxiliary, complementary or real estate type services. This is because it has a limited investment regime provided by law, as a financial entity.

When carrying out virtual asset transactions by non-financial entities, it is necessary to comply mainly with the regulations contained in the Anti-Money Laundering Legal Framework, the Federal Consumer Protection Law, the Federal Law for the Protection of Personal Data in Possession of Private Parties and the Federal Law for the Protection of Industrial Property.

In relation to the operation by financial entities, Banxico established through Circular 4/2019 that banks, EPFIs and CFIs are not empowered to directly or indirectly carry out virtual asset transactions with their clients. However, the regulatory sandbox could allow such entities to carry out such transactions by requesting exceptions to the prohibition established by Banxico, being subject to compliance with the terms and conditions imposed by the financial authority through the authorisation issued in this regard.

There are no specific laws, regulations or binding judicial decisions addressing the legal enforceability of private contractual arrangements made in whole or in part utilising agreed-upon computer code that executes across multiple “nodes” on a blockchain-based network; therefore, the general legal framework for contracts will apply.

In commercial matters, it is permissible and legally binding to enter into contracts by accepting them through electronic means. In this sense, the fact that a user interacts in a blockchain network and expresses its consent to the application of the terms and conditions set in the operation of a smart contract, indicating the rights and obligations of each of the parties, is enough to conclude in the first instance that there is an agreement of wills that is binding for the parties.

With the publication of the National Code of Procedures, the existence of information, electronic documents or data messages contained or stored in blockchain has been recognised as evidence. For more information regarding this topic, please see 2.1 Regulatory Overview.

Liability for reparation may arise from the commission of unlawful acts or breaches of contractual obligations.

As liability deriving from the commission of unlawful acts, the offended party is entitled by law to demand the re-establishment of the situation prior to the occurrence of the act, when possible, or the payment of damages and losses.

Under Mexican regulations, there is also objective liability, regardless of the individual's intention. This arises when a person makes use of mechanisms, instruments, apparatus or substances that are dangerous due to the speed they develop, their explosive or flammable nature, the energy of the electric current they conduct or other analogous causes. The person shall be obliged to answer for the damage they cause, even if they do not act unlawfully, unless they prove that such damage was caused by the inexcusable fault or negligence of the victim.

As a liability arising from the breach of the agreement, the affected party may demand payment of the damages and losses caused. It is worth mentioning that the damages and losses must be an immediate and direct consequence of the failure to comply with the obligation.

Except as otherwise expressly provided, the extent and limits of liability of developers of blockchain-based networks or the code running on these networks may be regulated by way of agreement or terms and conditions applicable to the parties.

There are no specific regulations for DeFi platforms.

As noted in 1.3 Decentralised Finance Environment, virtual asset transactions and the granting of loans or credit are activities that may be carried out by non-financial entities subject to compliance with the regulations outlined in 5.2 Initial Exchange Offerings.

However, the following should be kept in mind:

• putting persons of the general public in contact with each other for the purpose of granting debt, equity, co-ownership or royalty financing through any means of electronic is a reserved activity in favour of CFIs, which require prior authorisation from the NBSC in order to operate; and
• in general, the offering to receive funds from an undetermined person through mass media or through any act causing a liability, being obliged to cover the principal (the amount originally received) and, if applicable, the financial accessories (interest), is a prohibited activity unless it is carried out by a financial entity that is authorised for such purpose.

There are no specific rules applicable to collaterals in digital assets: the general rules for collaterals will apply and it may be possible to register the collateral in the single registry of mobile guarantees, such as agreeing the realisation of an irregular deposit in favour of the lender so that they can be paid with the asset via compensation in the event of default, or the pledge can be allocated in a guarantee trust so that in the event of default the pledge can be executed without going to court.

There are no requirements in Mexico for professional investors to transfer digital assets to a custodian.

In order to carry out virtual asset transactions, which contemplate custody services, the regulation outlined in 5.5Broker-Dealers and Other Financial Intermediaries must be complied with.

The Federal Law for the Protection of Personal Data in Possession of Private Parties establishes obligations that are applicable to both financial entities and non-financial entities.

Such obligations include that the responsible party must have and present to the owners of the personal data a privacy notice containing, among other elements, the way in which they may exercise their rights of access, rectification, cancellation or opposition to the processing of their personal data.

The right of cancellation of personal data empowers its owner to request the elimination of data about themselves.

Two relevant issues are worth mentioning:

• financial entities and non-financial entities are obliged to safeguard for at least ten and five years, respectively, the documents of the operations carried out and the information and documentation that support the product or service contracted, as well as those that identify the corresponding client or user, so that a blocking period will begin if an owner exercises their right of cancellation of personal data, and the corresponding data will subsequently be deleted; and
• it must be taken into consideration by the owner that there may be information registered in a blockchain, in which case, due to its characteristics, it is impossible for the person responsible for personal data to delete it.

There is no special regulation regarding data protection in the use of blockchain-based products or services.

The Federal Law for the Protection of Personal Data in Possession of Private Parties would be applicable, taking into account the considerations established in 8.1 Data Privacy.

There are no specific rules applicable to mining.

However, in Mexico there is a principle that establishes that “whatever is not prohibited by law is permitted”. Therefore, as there are no regulations or prohibitions applicable to mining, it is an allowed activity.

Notwithstanding the above, mining has an important energy aspect and, depending on the amount of energy required, an entity conducting mining activities may be considered as a “qualified user” and therefore be subject to the correspondent energy legal framework.

In Mexico, there are no special regulations regarding staking or staking as a service.

However, considering that an annualised yield or APY is offered by virtue of these operations, it could meet the definition of security and therefore be subject to compliance with the provisions of the SML. This is in accordance with the Joint Communiqué issued on 13 December 2017 (for more information, see 2.6 Enforcement Actions).

DAOs do not have a specific regulatory regime; it could be said that they are an aspect of the constitutionally recognised right of freedom of association.

However, depending on the model proposed, the governance token could meet the definition of security according to the SML, so that its issuance, placement and marketing could be considered reserved activities and therefore be subject to prior authorisation from the financial authorities. This would be the case if respective token represents the capital stock of a legal entity, if its holding entails the power to exercise corporate or economic rights as a shareholder, and if its placement is intended to be made through a public offering.

It is worth noting that Paradox Ventures was launched in December 2022, as the first DAO in Mexico fully backed by its by-laws. Paradox Ventures aims to support entrepreneurs in turning their dream into successful companies, providing legal and financial advice with tickets of up to USD80,000.

Pursuant to these by-laws, there are two types of holders of governance tokens transferred via airdrop in the first phase. The first type is honorary, as they have the power to evaluate and vote on the investment projects, as well as to liquidate them. The second type do not have corporate or voting rights in relation to investment decisions but have economic rights in order to be able to receive proportionally up to 50% of the profits declared by the organisation.

In Mexico, membership in a DAO can be achieved through the traditional acquisition of the governance token via airdrop, transfer or acquisition in the market, and its processes are carried out both on-chain and off-chain, as long as the correspondent legal framework is complied with.

Paradox Ventures was launched using the structure of a legal entity.

DAOs could use the structure of civil entities (such as societies or associations) or commercial entities (such as limited liability companies, corporations or investment promotion corporations), depending on the purpose or speculative intent.

However, when the governance token meets the definition of a security and is sought to be issued and subsequently placed through a public offering, the issuer company must follow the authorisation procedure before the NBSC (see 5.2 Initial Exchange Offerings) and must use the structure of a commercial entity, in its specific form of an investment promotion corporation or stock exchange corporation.

In the previous example, Paradox Ventures was incorporated under the regime of an investment promotion corporation, which, in principle, is the regime that provides greater protection to minority investors.

The pros of the existence of DAOs that use the structure of legal entities are as follows:

• to provide greater safety to people who interact with it as its legal existence is accredited;
• increasingly, public notaries are allowing the holding of shareholders' and board meetings through digital means, the printing of electronic signatures in the minutes of the meetings, and the keeping of corporate books electronically, so that the decisions issued by the DAO and the acts arising from such resolutions are binding on the company; and
• a legal entity can provide legal protection to the members of the DAO by limiting their personal liability.

Disadvantages in the operation of the DAO through the structure of legal entities include the following:

• an increase in organisation administrative costs; and
• the filing of periodic declarations or notices to the TAS, as well as notices to the National Registry of Foreign Investment of the Ministry of Economy if there is foreign participation in the capital stock.