Banking Regulation 2024 Comparisons

The principal statutes governing the banking sector in Mexico, are the following:

• Credit Institutions Law (Ley de Instituciones de Crédito – LIC) – this regulates the authorisation, incorporation, organisation, operation and resolution of banks.
• Law for the Regulation of Financial Groups (Ley para Regular las Agrupaciones Financieras) – this regulates the formation and functioning of financial groups, and the organisation of their holding entities.
• Law for the Transparency and Order of Financial Services (Ley para la Transparencia y Ordenamiento de los Servicios Financieros – LTOSF) – this sets forth transparency requirements in connection to fees and other charges collected by financial entities, including banks, and to the granting of credit by such entities. Also, it establishes the principles that govern the card payments network in Mexico.
• General Law on Negotiable Instruments and Credit Transactions (Ley General de Títulos y Operaciones de Crédito – LGTOC) – this regulates negotiable instruments and certain credit transactions.
• Payments Systems Law (Ley de Sistemas de Pagos) – this defines what a payment system is and provides a general legal framework for its operation.
• Mexican Central Bank Law (Ley del Banco de México) – this regulates the Mexican Central Bank’s organisation, mandate and authority, and sets forth the guiding principles which it must observe.
• National Banking and Securities Commission Law (Ley de la Comisión Nacional Bancaria y de Valores) – this regulates the organisation, mandate and authority of the National Banking and Securities Commission (Comisión Nacional Bancaria y de Valores – CNBV).
• Bank Savings Protection Law (Ley de Protección al Ahorro Bancario) – this governs the bank savings protection system.

The number of secondary regulations derived from the above-mentioned laws is extensive, and one or more authorities may participate in their issuance. However, the principal banking regulations are:

• General rules applicable to banks (Disposiciones de Carácter General aplicables a las Instituciones de Crédito or Circular Única de Bancos – CUB) issued by the CNBV, which contain capitalisation, corporate governance, internal control, and reporting requirements, as well as other prudential regulation.
• Circular 3/2012 issued by the Central Bank of Mexico (Banxico) which regulates active and passive bank operations and certain operations with Banxico.
• Circular 14/2017 issued by Banxico, containing the Rules of the Interbank Electronic Payments System (“SPEI”) administered by Banxico, which governs real-time electronic transfers between its participants.
• Liquidity rules applicable to banks, jointly issued by CNBV and Banxico.
• AML Rules (Disposiciones de Carácter General a que se refiere el Artículo 115 de la Ley de Instituciones de Crédito) issued by the Ministry of Finance (Secretaría de Hacienda y Crédito Público – SHCP) which contain KYC and reporting rules that banks must follow, as further discussed in 5.1 AML and CFT Requirements.

Supervision and regulation of banks in Mexico is mostly divided between four principal authorities:

• The Central Bank of Mexico (Banxico) – a constitutionally autonomous entity, its mandate is to issue legal currency, to preserve its value, and to ensure the smooth functioning of the payment systems, and the financial system’s stability.
• The Ministry of Finance is in charge of regulating AML and CFT matters through its financial intelligence unit (“UIF”) and setting forth the federal government’s public policies regarding the financial system.
• The National Banking and Securities Commission (CNBV) serves as the primary supervisory authority over banking, securities and certain financial institutions, and regulates their organisation and operation. Some entities and their operations are jointly regulated with Banxico.
• The National Commission for the Protection and Defence of the Users of Financial Services (Comisión Nacional para la Protección y Defensa de los Usuarios de Servicios Financieros) is in charge of protecting financial services users, through the receipt of claims and by ensuring banks’ adequate conduct before them. It mandates transparency measures in the collection of fees, and imposes requirements on adhesion contracts, among other functions.

Bank Licences

Under the LIC, banks in Mexico may only operate under two licences: (i) state-owned banks (Instituciones de Banca de Desarrollo) or (ii) privately owned banks (Instituciones de Banca Múltiple). Even though banks may only be created under one of these licences, other licensed entities (ie, Sociedades Financieras Populares and Instituciones de Fondos de Pago Electrónico) may conduct certain operations that are otherwise reserved for banks, such as opening deposit accounts through the collection of funds from the general public.

State-owned banks are considered to be part of the federal government, which participates in at least 66% of their corporate capital. Each of these banks is governed by specific laws and regulations with the aim of tending to specific sectors of the population and the economy. Foreigners may not participate in the capital stock of this type of financial institution.

On the other hand, the corporate capital of privately owned banks may be freely subscribed, except, generally, by foreign governments. Privately owned banks in Mexico may be controlled by a bank, or a financial holding company established in another jurisdiction with which Mexico has a reciprocal treaty, subject to prior authorisation from the CNBV, which would result in the creation of an affiliate bank.

Banking Activities

Fundamentally, banks conduct banking and credit activities, defined as the collection of funds from the public, as liabilities in their balance sheet, to then allocate such funds within the public in the form of credit. Additionally, banks are the main players for the implementation of monetary policy decisions.

Article 46 of the LIC specifically establishes activities that may be conducted by banks, such as:

• receiving funds and deposits from the general public;
• granting loans;
• issuing bank bonds;
• issuing debentures;
• issuing means of payment;
• carrying out transactions with securities and commodities;
• providing trustee services;
• borrowing money;
• issuing letters of credit;
• entering factoring and financial lease transactions;
• conducting derivative operations; and
• accepting loans and credits.

Note that banks’ prudential regulation requirements will vary depending on the number of activities carried out and the amount of each transaction.

However, as mentioned previously, some banking activities may also be conducted by other financial entities, as permitted in the respective laws that are applicable to each of the said entities.

Authorisation Process and Requirements

Entities that aim to obtain a licence as a privately owned bank must be incorporated as a corporation (Sociedad Anónima) in terms of Mexican law; have fixed capital; be domiciled in Mexico; have indefinite duration and the corporate purpose to render banking and credit activities.

The authorisation process is composed of three general stages:

• preparatory meetings and planning;
• submission of the authorisation file to the CNBV; and (once approved with Banxico’s prior favourable opinion)
• request for commencement of operations.

During the first stage, entities will have introductory meetings with the CNBV to present their business case and the people behind the project. At this point, the CNBV is likely to enquire about and comment on the proposed model, provide its interpretation of certain aspects of laws and regulations, and convey its expectations as to what it hopes to see in the authorisation file.

As part of the second stage, the authorisation file must contain the following, according to the LIC:

• A draft of the by-laws.
• Information on the people and/or entities who will participate on the banks’ ownership structure, the number of shares each will hold, their credit history and the origin of the funds that will be used to capitalise the entity. This requirement in many cases represents a challenge, due to the amount of information that the CNBV requires, down to the last beneficiary or controller. The CNBV is stringent on this point.
• Detailed information on the proposed directors and principal officers, including their creditworthiness and professional qualifications.
• A general functioning plan that contains – which activities of Article 46 of the LIC the entity intends to conduct, information about security measures, a financial viability plan, and corporate governance information.
• A proof of surety deposit of 10% of the minimum capital needed to initiate operations which, upon commencement of operations, is returned to the applicants.

The CNBV is likely to request more information based on its broad authority to do so, and to request clarifications on the information provided. During this stage, back-and-forth exchanges with the CNBV are the norm, to complete the file in a manner that is satisfactory to the authority. Upon fulfilling the CNBV’s requirements, such authority may issue its authorisation, provided that Banxico has issued its favourable opinion.

Before submitting the file, applicants must pay a fee of approximately USD3,200 to the CNBV for processing the application. After the initial submission, applicants must pay approximately USD47,150 to receive the authorisation.

Finally, once the authorisation has been issued, the now-recognised bank will need to take further actions to commence operations within the next 180 days following its approval. For example, it will need to comply with capital requirements (see 8. Prudential Regime), and have internal governance controls in place and the necessary infrastructure to operate. At this point, on-site audits may be expected. Upon approval from the CNBV with Banxico’s favourable opinion, the bank may commence operations, after paying a fee of approximately USD150,870 for the authorisation to operate.

Completion of stage two is expected to take from 12 to 18 months and commencement of operations from 18 to 24 months from the beginning of the process.

For clarity purposes, a bank’s corporate capital is composed of class O and class L shares. Class O shares are ordinary and confer voting rights to their holders. On the other hand, class L shares have limited voting rights but are preferred in dividend distributions and may only represent 40% of the corporate capital represented by outstanding class O shares.

However:

• Any person or group of related persons who acquire or transmit class O shares that represent more than 2% of the corporate capital must give notice to the CNBV within the next three days of said transfer or acquisition.
• Any person or group of related persons who intend to acquire, through one or more operations or a grant as collateral, more than 5% of the ordinary corporate capital – represented by class O shares – must request authorisation from the CNBV, which may be issued or denied after receiving, but not based upon, Banxico’s opinion. Said request must include information on the persons who intend to acquire such shares or receive them as collateral.
• Any person or group of related persons who intend to acquire, through one or more operations or a grant as collateral, 20% or more of the ordinary corporate capital represented by class O shares, or to obtain control of the bank (as defined below), must request authorisation from the CNBV, which it may grant subject to Banxico’s favourable opinion. In addition to the information required to acquire more than 5% of the ordinary corporate capital, the request for authorisation must include information on the proposed directors and principal officials, and the general functioning plan of the bank after the acquisition. Said plan must contain similar information to that presented when applying for the banking licence, and it must be accompanied by a strategic programme for the bank’s organisation, administration and internal governance.

Control is defined as the capacity to impose decisions on shareholders’ meetings, either directly or indirectly, or to exercise voting rights of more than 50% of the shares and to direct, whether directly or indirectly, the administration, strategy, or main policies of the bank through any legal means.

Authorisation to acquire 20% or more class O shares may take from 12 to 18 months. Timelines may vary based on the complexity of the acquirer’s corporate structure.

Note that besides the CNBV and Banxico, the Federal Economic Competition Commission (“COFECE”) may intervene in the acquisition process if antitrust laws are triggered.

Corporate governance requirements for banks are mainly focused on the board of directors, the CEO, committees established by the board of directors, and external auditors.

Board of Directors

The board of directors (BOD) oversees the bank’s administration, along with the CEO (director general), in their respective capacities. As such, the BOD must approve the bank’s main policies, including those that relate to the management of the bank’s human and material resources, its oversight and control mechanisms and, generally, to the destination of the bank’s capital in a way that best fits its corporate purpose.

The BOD must be comprised of five to 15 principal members, of whom at least 25% must be independent. For each principal member, a deputy director must be appointed. The LIC imposes certain requirements for directors’ eligibility, mainly that they must have the professional and moral qualifications, a satisfactory credit standing, and extensive knowledge in financial, legal or administrative matters. 

The BOD must meet at least on a quarterly basis and may hold extraordinary meetings when summoned by the BOD’s president or at least 25% of its principal members. The quorum for each session is at least 51% of the BOD members, with at least one independent member present.

Additionally, the board is required to establish the following advisory committees that report to it, and to receive the CEO’s policy proposals before approval, in some instances through the committees, thereby enabling it to fulfil its duty of care by being properly informed and advised on its decisions.

Advisory Committees

Risk Committee

This committee comprises at least two principal members of the BOD, the CEO, the internal auditor, and the officer responsible for risk management. It must be independent of the bank’s business units.

It oversees and manages the bank’s risk level exposures, by proposing risk management guidelines to the BOD for approval, including desired levels of exposure and contingency plans that should be triggered in case of contingencies that deviate from the bank’s desired risk exposures, and by approving risk monitoring methodologies presented to it by the CEO.

Audit Committee

This is comprised of at least three directors, of whom the majority must be independent. It is in charge of submitting the following, among other things, to the BOD for approval – the internal control system, the code of conduct, the organisational chart, and the appointment of the internal auditor who oversees the internal audit department, which must be independent of other business units. It also oversees compliance with the internal control system and reports to the BOD. Subject to certain requirements, the Audit Committee may conduct the functions of the Remunerations Committee.

Remunerations Committee

At least two principal directors must participate in this committee. Its main function is to propose remuneration policies and procedures, and amendments to these for the BOD’s approval. It must also periodically inform the BOD about the functioning of the remunerations system. (For further information, see 4.3 Remuneration Requirements.)

Credit Committee

While the LIC and CUB do not prescribe how this committee should be formed, the law makes references to its existence. The CUB implies that either the Risk Committee or the Audit Committee may assume the role of a Credit Committee. Its main functions are to ensure that the credit manual prepared by the CEO complies with the credit policies approved by the BOD, and to approve and submit related third-party transactions above a certain threshold for the BOD’s approval. An ad hoc committee may also be created to approve related party transactions between certain levels provided by the LIC.

Communications and Control Committee

The Communications and Control Committee is formed by at least three members of the BOD and must include members of the C-suite. It must convene monthly to discuss and establish risk assessments, anti-money laundering training programmes, and the creation of the compliance manual (see 5.1 AML and CFT Requirements).

Additionally, banks are subject to audits of their financial statements and internal control systems by external auditors, who are subject to certain eligibility requirements and who are appointed by the general shareholders’ meeting.

Within the application for a banking licence, authorisation is required from the CNBV for the appointment of directors, a CEO, and the senior officers in the two levels under the CEO, and to acquire 20% or more of the ordinary corporate capital of a bank. In other circumstances, the appointment of new directors and officers must be notified to the CNBV within five days of the relevant appointment, accompanying the affidavit described below.

Members of the BOD are appointed by general shareholders’ meetings and must meet the following requirements:

• They must demonstrate knowledge in financial and administrative fields. Such knowledge may be evidenced by the previous rendering of services in high level positions related to such fields, and recommendation letters, certificates, diplomas, or any kind of document that acknowledges their abilities and knowledge.
• They must have an appropriate credit history and appropriate business history and they must be honourable. This may be evidenced with a credit report issued by a credit bureau that contains credit background for at least the last five years, a self-declaration under oath stating honourability, and personal references issued by people with whom the proposed member has previously worked, attesting to their good reputation.
• They must deliver an affidavit stating:
1. that they have no pending litigation with the bank;
2. that they have not been sentenced for economic crimes, declared unfit to exercise commerce or to occupy any position in the public sector or the Mexican financial system;
3. that they are not bankrupt or insolvent;
4. that they do not currently occupy government positions related to the supervision of banks; and
5. that they are not members of the BOD of another bank.
• The majority of directors must reside in Mexican territory.

Similarly, independent members are appointed by the shareholders’ meeting, and must meet all requirements described above, in addition to having an independent nature, meaning that they do not have any professional, familial or commercial relationship with stakeholders, shareholders or directors of the bank.

On the other hand, in addition to the requirements described under the third bullet above, the officers in the two levels under the CEO, and the CEO, must have at least five years’ experience in high-level positions that require financial and administrative knowledge, as well as reside in Mexico.

Banks must have a remuneration system in place that is consistent with effective risk management. The system must consider the risks that the bank, each of its internal units, and the employees who are subject to such system face, to aid in the determination of ordinary and extraordinary compensations to which each will be subject. The foregoing remuneration system is proposed by the Remuneration Committee to the BOD, which is the body that has the authority to approve it.

The goal is to award specific remuneration mechanisms that are tailored to each risk profile. To this end, the system must identify responsibilities for each role, and establish policies and procedures that regulate ordinary and extraordinary remunerations. For example, as it relates to extraordinary compensations that may be based on performance reviews, the system must consider a reasonable timeframe, usually longer than a year, so it may have visibility of present and future risks, cost of capital, the bank’s liquidity, and other variables, such as compliance with internal control mechanisms by the respective person or unit, to determine the available remuneration.

Additionally, the system must be flexible enough to allow a reduction or suspension of extraordinary compensations when the bank faces losses or risks materialise in a way that is greater than expected.

Banks must always have back-up documentation of the remuneration system, available to be reviewed and analysed by the Remuneration Committee and the Internal Risks Department. Information regarding said system must also be available to the public on the bank’s website, including the remuneration structure, adjustments to it and the impact that each of the risks considered has on the remuneration amount.

Pursuant to the LIC, banks are required to establish measures and procedures to prevent and detect operations related to money laundering, and to identify its clients or users in accordance with the AML Rules. Some of these requirements include implementation of KYC policies and corporate governance obligations, as well as book and record-keeping rules, and reporting requirements.

KYC Policies

According to the AML Rules, banks must hold information about the identity of their clients or users. To this end, banks must request multiple documentation from those persons. The information the banks must request varies depending on the operation or transaction that is being executed; whether it is remote or in person; the amount of such transaction; whether the executing party is an individual, legal entity or trust; whether such individual or entity is Mexican or foreign; the professional activities of the client or user; and the currency of the transaction; among other factors. Mexico therefore follows a risk-based approach to AML requirements, making an effort to comply with Financial Action Task Force (FATF) standards.

In every scenario, banks must attempt to identify the ultimate beneficiary of each transaction. After identification has taken place, banks must verify said information against public databases, in accordance with the nature of the documentation presented.

Corporate Governance Obligations

As mentioned in 4.1 Corporate Governance Requirements, banks must have a Communications and Control Committee. Its responsibilities are to approve the compliance manual, analyse the results of internal or external audits regarding AML issues, establish the criteria to classify clients according to the level of risk they represent, and approve employee training programmes, among other important functions.

Banks should also designate a compliance officer, who liaises with the authorities and complies with the reporting requirements mentioned below, as well as an internal auditor. The BOD plays an important role in approving policies proposed to it by the committee and, overall, in designing the bank’s general strategies.

Reporting Requirements

The AML Rules require banks to submit to the Ministry of Finance through the CNBV, the following reports regarding its clients, directors, officers, employees and agents:

• A Relevant Transactions Report, to be filed quarterly within the first ten business days of each quarter. Transactions over USD7,500 are considered relevant.
• Cash transactions in USD, to be filed quarterly within the first ten business days of each quarter.
• Cashier’s check transactions over USD10,000, to be filed quarterly within the first ten business days of each quarter.
• Transactions using cryptocurrency, to be filed quarterly within the first ten business days of each quarter.
• Cross-border transactions, to be filed monthly, with the details of cross-border transactions greater than USD1,000.
• An Unusual Transaction Report, to be delivered within three days of a transaction identified as such. Discretion is granted to banks to identify a transaction as unusual, considering criteria detailed in the AML Rules. An unusual transaction is identified as one that deviates from the client’s historic transactional profile.
• An Internal Suspicious Transactions Report, to be delivered within three days of a transaction being identified as such. Discretion is granted to banks to identify an internal transaction as suspicious, considering criteria detailed in the AML Rules. These are identified as conduct of the bank’s employees or personnel that could infringe the rules of the AML and CFT framework.

The Bank Savings Protection Law regulates the depositor protection regime in Mexico, which is administered by the Institution for the Protection of Bank Savings (Instituto para la Protección del Ahorro Bancario – IPAB).

The bank liabilities that this regime covers are clients’ demand, fixed term, withdrawable on predetermined days, and savings deposits, as well as the bank’s acceptance of loans and credits. These liabilities are covered for up to 400,000 investment units (UDIs) (equivalent to approximately USD170,000) per person’s receivable covered assets per bank.

Operations not covered by the depositor protection regime are:

• obligations payable to national or foreign financial entities;
• obligations payable to any entity that is part of a financial group of which the bank is a part;
• liabilities documented in negotiable instruments, or bearer notes;
• deposits or obligations payable to the bank’s shareholders, and directors or officers within the two highest levels of the bank; and
• bank liabilities that are not compliant with legal, regulatory or practice requirements, in which the beneficiary acted in bad faith, and any operation related to illegal acts or transactions.

Upon insolvency, resolution and payment of the covered amounts, the IPAB will subrogate the covered parties’ rights, and will have direct claims against the bank for the covered amounts. Notwithstanding, the covered parties will retain their claim to uncovered amounts.

Aside from the foregoing, the depositor protection regime is funded by banks through the payment of ordinary quotes to the IPAB, as determined by its board, which may not be less than four per thousand (0.004), over the amount of the respective bank’s liabilities. These ordinary quotes may vary among institutions based on the risk exposure of each. Additionally, the IPAB may require payment of extraordinary quotes when its financial situation so demands. In these cases, extraordinary quotes may not exceed three per thousand over the respective bank’s liabilities.

The sum of ordinary and extraordinary quotes may not exceed eight per thousand over the banks’ liabilities. The funds of the depositor protection regime must be invested by the IPAB in highly liquid government bonds or in Central Bank deposits.

Banks in Mexico are subject to strict bank secrecy requirements. Pursuant to the LIC, all information and documentation in the banks’ possession relating to their customers’ banking operations and services, including accounts, deposits, trusts and credits, may not be transmitted to anyone other than the depositor, debtor, holder, beneficiary, grantor, trustee, principal, or expressly authorised legal representatives.

Banks, their employees, officers, and third-party service providers, are responsible for safeguarding said information and may be subject to fines, and in certain cases even criminal liability, for violation of bank secrecy requirements. Bank fines may range from 30,000 to 100,000 Update and Measure Units (Unidades de Medida y Actualización), which amount to approximately USD172,900 to USD576,300. Employees and officers may be liable for the damages and lost profits caused by such a breach, and may be removed from their position, and suspended from performing similar functions in other banks by order of the CNBV.

The LIC provides some exceptions to the bank secrecy requirement, mainly:

1) It allows the exchange of information between banks in strict compliance with the mechanism described in the AML Rules, for AML and CFT purposes.

2) It imposes upon banks the obligation to share protected information when so required by a judiciary authority, in connection with any stage of a judicial proceeding to which the principal of the information is a party.

3) When banks receive information requests from the following authorities, only in the following cases:

(a) the attorney general, to prove criminal activities;

(b) the state general prosecutors, to prove criminal activities;

(c) the federal tax authorities, for tax purposes;

(d) the Ministry of Finance, for AML and CFT purposes;

(e) the federal treasurer, to obtain account statements or any other information regarding personal accounts or government officials and related persons;

(f) the Superior Audit Office of the Federation, to revise and audit government accounts;

(g) the secretary and deputy secretaries of the Office of the Comptrollership, to audit and verify the evolution of public officials’ estates, while exercising its investigative and audit authority; and

(h) the National Electoral Institute’s department in charge of auditing political parties’ funds, in exercise of its authority.

Note that recently the Mexican Supreme Court of Justice, as the highest judiciary authority in Mexico, issued a jurisprudence that has binding legal effects at a national level, declaring rule 3(a) above unconstitutional, and therefore unenforceable. It states that authorities may not request protected information as proof of criminal activities without a judicial warrant. Therefore, it is likely that rule 3(b) above will soon be declared unconstitutional as well.

Authorities must also maintain the confidentiality of the protected information they receive in the exercise of their functions and use the information only for the purposes that prompted them to request it within the scope of their legal duties. Government employees are liable during and after their tenure, and may be subject to administrative, civil and criminal liability for infringement of their confidentiality obligations.

As an exception, said authorities may share the information with foreign authorities of jurisdictions with which Mexico has an exchange-of-information reciprocal agreement.

Capital Requirements

For clarity purposes, banks’ capital requirements are divided here into two categories: (i) minimum capital requirements; and (ii) net capital integration requirements.

Minimum capital requirements

Through the LIC and CUB, Mexico follows the approach established for bank capitalisation in the Basel III standard. In this regard, a minimum capital adequacy ratio (“ICAP”) of 8% is required, along with a conservation buffer integrated by Common Equity Tier 1 Capital (as described below) of 2.5% of the total risk-weighted assets (“TRWA”). In other words, a total of 10.5% of the TRWA.

The TRWA represents the sum of a financial institution’s assets and operations subject to credit, market and operational risk, to which a risk weight is applied accordingly. In other words, the higher the risk of the asset or operation, the higher the risk weight, and therefore, the less the asset’s value will be reduced compared to one with lower risk. Consequently, it will contribute more to the TRWA. Moreover, the higher the TRWA amount, the greater the capital requirements. There are various factors and methodologies considered in calculating credit, market and operational risks and assigning risk weights to each asset or operation according to the regulation, such as the type of operation, counterparty nature, credit rating, maturity, collateral, etc.

ICAP is the result of dividing net capital by the TRWA, expressed as a percentage, and the conservation buffer is the result of multiplying 2.5% by the TRWA. Hence, the 10.5% minimum capital requirement is determined in relation to the TRWA.

Additionally, the CUB imposes a requirement to maintain a counter-cyclical capital buffer in cases where the CNBV deems it necessary, when private sector financing shows higher growth compared to the economy. However, the calculation of this buffer is based on a formula composed of variables that are subject to change, making it difficult to precisely determine the resulting requirement amount.

Lastly, two additional capitalisation requirements are imposed on domestic systemically important banks (“D-SIBs”):

• A capital conservation buffer that ranges from 0.60% to 2.25%.
• Supplementary net capital (“TLAC”) enables these banks to absorb losses and reduce dependency on public funds for bail-outs. Since 1 January 2023, pre-existent D-SIBs must maintain one quarter of 6.5% of the TRWA. As of 1 January 2024, D-SIBs will have to maintain one half of 6.5% of the TRWA. Full TLAC requirements will be in force after 31 December 2025.

The CNBV will classify a bank as a D-SIB when the bank’s potential failure to fulfil its obligations could pose a risk to the stability of the Mexican Financial System, a payments system, or the economy of the country. 

Net capital integration requirements

Regarding the integration of net capital, it should never be less than the capital requirements determined for credit, market and operational risk as per the CUB. For instance, the net capital required for credit risk would be the result of multiplying risk-weighted assets by credit risk by 8%, which relates to ICAP.

Furthermore, net capital must be composed of a basic part and a supplementary part. The basic part, in turn, must consist of a Common Equity Tier 1 Capital Ratio not less than 4.5% and a Tier 1 Capital Ratio not less than 6%, where each ratio is the result of dividing Common Equity Tier 1 Capital or Tier 1 Capital, respectively, by the TRWA.

The CUB itself specifies which concepts can be part of Common Equity Tier 1 Capital, those of Tier 1 Capital, and those of Additional Tier 1 Capital.

Risk management

In addition to the risk management guidelines that the bank must establish and follow, as stated in 4.1 Corporate Governance Requirements, the CUB states that entities must establish additional precautionary provisions beyond those required as a result of the credit portfolio rating process, up to the amount necessary to provide for 100% of those loans granted without the relevant credit reports or documents confirming compliance with their obligations.

Additionally, banks must keep their active operations diversified, for which they must determine the credit exposure they have with the same person or group of persons who represent a common risk. This is the regulation known as “large exposures to risk”. According to these rules, each of the large exposures the bank assumes regarding the same person or group of persons must not exceed the maximum limit of 25% of the bank’s core net capital.

Liquidity Requirements

The Bank Liquidity Regulation Committee, intergrating members of the Ministry of Finance and the Central Bank, is the authority in charge of outlining banks’ liquidity obligations in Mexico. Its members are the secretary of finance, the deputy secretary of finance, the president of the CNBV, the governor of the Central Bank, and two deputy governors of the Central Bank.

Both the Central Bank and the CNBV jointly issue the regulation on banks’ liquidity requirements according to the guidelines set out by the committee.

Mexico follows the Basel III framework and requires that banks measure their liquidity needs based on a liquidity coverage ratio (LCR) and a net stable funding ratio (NSFR).

LCR measures a bank’s ability to withstand short-term liquidity shocks or financial crises (30 days) by maintaining an adequate level of high-quality liquid assets to cover cash outflows during stress periods.

On the other hand, NSFR is designed to ensure that banks maintain a sustainable funding structure for their assets and activities, focusing on the balance between a bank’s available stable funding and its required stable funding. The goal is for banks to rely on stable, longer-term funding sources.

Additionally, banks must submit their contingency plans to the CNBV to re-establish their financial stability during stress scenarios that might affect their solvency or liquidity. The regulation provides hypothetical stress scenarios that must be addressed by banks in a manner consistent with the regulatory framework.

D-SIBs are required to update their contingency plans on a yearly basis and obtain approval from the CNBV, after receiving the opinion of the Central Bank, the Ministry of Finance and the IPAB, whereas non-D-SIBs are required to update such plans and request approval every two years.

Banks may fall below the statutory capital or liquidity requirement thresholds before entering a resolution process. The LIC and CUB have established certain capitalisation thresholds as indicators of banks’ solvency levels that work as alerts, reflecting the necessity to trigger certain actions to restore the banks’ financial situation. Likewise, the liquidity rules issued jointly by the CNBV and the Central Bank provide liquidity thresholds that serve the same purposes, with corresponding corrective measures.

Depending on the severity of the scenario, the bank could be subject to i) corrective measures, ii) a conditioned operation regime, or iii) a resolution process. Note that corrective measures will apply in the case of early alerts, and in ii) and iii) scenarios as well.

If corrective measures are imposed, a bank’s failure to comply with them could lead to the CNBV revoking its licence.

Conditioned Operation Regime

When a bank’s ICAP falls below the minimum required levels, if the bank so requests, the CNBV after receiving the opinion of the Central Bank and the IPAB may choose to apply a conditioned operation regime to the bank instead of revoking its licence. For this regime to apply, the bank’s shareholders are required to transfer 75% of the bank’s shares into an irrevocable trust and present a capital restoration plan to the CNBV. However, banks that do not comply with the minimum required core capital are not subject to the conditioned operation regime.

Regarding said trusts, shareholders will appear as first beneficiaries who may exercise corporate and monetary rights over their shares as long as the CNBV approves the capital restoration plan and complies with the minimum core capital, among others. Failure to comply with these requirements would cause the IPAB, as second beneficiary, to exercise those rights.

The trust will be extinguished when:

• the bank restores its capital to appropriate levels during three consecutive months;
• the IPAB’s board determines the resolution process and the shares in the trust are cancelled or sold, with the proceeds delivered to the shareholders; or
• the bank restores its capital to appropriate levels but requests its banking licence to be revoked before three consecutive months have elapsed, therefore triggering a resolution process.

Bank’s Resolution Process

A resolution process is defined in the LIC as the series of actions implemented by financial authorities directed to liquidate, in an orderly or swift manner, a bank with insolvency or liquidity problems that are affecting its financial viability, or, in extraordinary cases, to rehabilitate the bank. The authorities are obliged to act in the best interests of the depositors, the stability of the Mexican financial system, and the optimal functioning of the payment systems.

A resolution process may be triggered in two scenarios:

• When the CNBV has revoked a bank’s licence, in which case, the IPAB’s board will determine its administrative or judicial liquidation according to the law.
• When the Banking Stability Committee determines, before a licence revocation, that a certain bank’s failure to comply with its obligations (i) could negatively impact other banks or financial entities, in a way that could affect their stability or solvency, therefore creating a contagion effect within the financial system; or (ii) could create a risk for the optimal functioning of the payment systems (D-SIB classification). The committee will calculate the percentage of the bank’s liabilities, covered and uncovered, that would need to be paid to restore the bank’s financial health. Finally, it will determine whether a bail-out mechanism would be less costly than the damage the bank’s failure would cause.

In this scenario, after listening to the Banking Stability Committee, the IPAB’s board will determine the resolution process that will be initiated. Possible resolution procedures are:

• Rehabilitation of the bank through equity capital contributions provided by the IPAB or through loans granted by the IPAB.
• Liquidation, and transfer of the liquidated bank’s assets and liabilities to another bank that complies with all the regulatory capital requirements. If the liabilities are greater than the assets, the IPAB will pay that amount to the acquiring bank, and the liquidated bank will assume a liability before the IPAB for that amount. If the assets are greater, the acquiring bank will pay the difference to the liquidated bank.
• Liquidation and transfer of the assets and liabilities to a bridge bank organised and operated by the IPAB, to complete the liquidation process.
• Payment of the bank’s liabilities.

The transfer of assets and liabilities to an existing or bridge bank must be perfected the day after the Official Gazette publishes said transfer.

To date, Mexico continues to make an effort to align its banking and financial regulations with international standards and best practices, including the Key Attributes of Effective Resolution Regimes set out by the Financial Stability Board (FSB).

Risk-Free (RFR) Derived Term Rates

Banxico has issued a regulation project for public consultation through which it intends to calculate and publish daily risk-free (RFR) derived term rates at maturities of 28, 91 and 182 days. This is an effort to comply with the FSB recommendations regarding forward-looking risk-free, or nearly risk-free, term rates.

Card Payment Network Rules

The Card Payment Network Rules are expected to be amended in the short term, following the results of an investigation conducted by COFECE, which found potential barriers to competition in Mexico’s card payment sector. COFECE’s board of commissioners confirmed the absence of competitive conditions in the market of processing services provided by clearing houses in domestic transactions involving payments by credit or debit card in Mexico.

This reform may have an impact on banks that participate in the card payment network, as the dynamic between participants in the network, as well as interchange fees and other charges, may be modified.

Open Banking: Application Programming Interfaces (APIs)

Pursuant to the Law to Regulate Financial Technology Institutions (“the Fintech Law”), financial entities (including banks) will be required to establish standardised APIs enabling connectivity and access to other APIs developed or managed by other financial entities and specialised third parties in information technologies, for the purpose of sharing: (i) open financial data, (ii) aggregated data, and (iii) transactional data.

To date, the CNBV has issued rules regarding APIs that enable the transfer of open financial data. Rules covering the interconnectivity requirements of APIs to transfer transactional data are expected in the short term.

TLAC Phase-In

As covered in 8.1 Capital, Liquidity and Related Risk Control Requirements, as of 1 January 2024, D-SIBs will have to maintain one half of 6.5% of the TRWA, and full TLAC requirements will be in force after 31 December 2025

Financial Inclusion

During the 86th Annual Banking Convention in Mexico, top officials from Mexico’s leading banks recognised the importance of continuing the financial inclusion policies, by conveying the advantages of being part of the formal financial system, without causing panic regarding tax obligations. With Mexico still having a large percentage of unbanked population, it is paramount for the government and the Mexican Banking Association to keep promoting financial inclusion policies, especially considering the leaps fintech has made to include more of the financially active population. Therefore, a continuing pool of legal and regulatory initiatives may be expected to implement the National Financial Inclusion Policy (Política Nacional de Inclusión Financiera).

Modernisation of Current Legislation

The current focus of most legislation is on modernising access to digital banking systems, with the regulatory goal of reaching a banked population of at least 77% by 2024. This would mean a comprehensive reform of the current rules and regulations to allow for more competition in digital banking services compared to fintech companies operating within the regulated sector. This modernisation would of course be closely related to the financial inclusion goals.

Sustainability

Mexico’s Banking Association recently created an ESG commission, designed to incentivise and prioritise environmental, social and governance issues in banking. As a result of this, the banking sector has begun to address global sustainability issues, including climate change and social inequality, and emphasise the voluntary adoption of the Sustainable Financing Mobilisation Strategy, which aims to transform the Mexican financial system in terms of sustainability, equity and inclusiveness through increased sustainable financing, both public and private. It may be the case that these sustainability standards will eventually be translated into formal regulation.

There are currently no specific requirements applicable to banking activities related to environmental, social and governance matters. However, Mexico’s Banking Association recently created an ESG commission (see 10.1 Regulatory Developments).