Financial Services Regulation 2025

Last Updated November 20, 2025

Mexico

Law and Practice
Trends and Developments

Law and Practice

Authors

Pablo Perezalonso

Ricardo Calderón

Alejandro Mosqueda

Pablo Rueda

Ritch, Mueller y Nicolau, S.C. is a top-tier multidisciplinary transactional firm committed to offering high-value legal advice to national and international clients engaged in structuring, developing and financing private businesses and public sector projects in Mexico. The firm represents Mexican, international and multilateral banks, as well as other financial intermediaries in secured and unsecured, bilateral and syndicated lending transactions of different levels of complexity involving Mexican obligors or assets. Ritch Mueller has played a pivotal role in advising the majority of foreign financial institutions that have established subsidiaries in Mexico, guiding them through the authorisation processes. The firm extends advisory services to industry organisations such as ISDA and the Mexican Banking Association, particularly in derivatives transactions within the Mexican market.

1. Legislation

1.1 Key Financial Services Law

In Mexico, financial regulation is generally divided into:

federal laws;
general rules (disposiciones de carácter general);
regulations (Circulares); and
special laws and regulations.

The key pieces of financial services legislation are as follows; please note that this list is intended to be illustrative and not exhaustive.

Laws

The Ley de Instituciones de Crédito (“Banking Law”) is the primary law applicable to Mexican banks and foreign branches of banks (filiales) in Mexico. It outlines the requirements for the establishment, operation and supervision of banks in Mexico, and also includes provisions on allowed and prohibited transactions, corporate governance, risk management and consumer protection applicable to banks.
The Ley de Instituciones de Seguros y Fianzas (“Law of Insurance and Bond Companies”) sets forth the requirements for the establishment, operation and supervision of insurance and bond companies in Mexico. It also includes provisions on allowed and prohibited transactions, corporate governance, risk management and consumer protection applicable to insurance and bond companies.
The Ley de los Sistemas de Ahorro para el Retiro (“Law for Pension Systems”) sets forth the requirements for the operation, investment regime and supervision of the Mexican pension system, including provisions on allowed and prohibited investments, as well as requirements related to corporate governance and risk management.
The Ley del Mercado de Valores (“Securities Market Law”) sets forth requirements for the establishment, operation and supervision of broker dealers, stock markets, investment advisers, credit rating companies and issuers, among other institutions. It also includes provisions on allowed and prohibited transactions with securities, as well as corporate governance, risk management and consumer protection provisions applicable to these institutions.
The Ley de Protección al Ahorro Bancario (“Law for the Protection of Bank Deposits”) provides for a protection system for customers of the banking system, known as the Instituto para la Protección al Ahorro Bancario (IPAB), to ensure bank deposits are insured in case of concurso mercantil or bankruptcy.
The Ley de Ahorro y Crédito Popular (“Popular Credit and Savings Law”) sets forth the requirements for the establishment, operation and supervision of Sociedades Financieras Populares (Popular Financial Companies) and Sociedades Financieras Comunitarias (Community Financial Companies). It also includes provisions on allowed and prohibited transactions, corporate governance, risk management and consumer protection.
The Ley para Regular las Instituciones de Tecnología Financiera (“Fintech Law”) sets forth the requirements for the establishment, operation and supervision of e-wallets (instituciones de fondos de pago electrónico), crowdfunders (instituciones de financiamiento colectivo) and sandbox models (modelos novedosos) (together, “Fintech Companies”), as well as the requirements for transactions with virtual assets (activos virtuales). It also includes provisions on allowed and prohibited transactions for such entities and with such assets, as well as corporate governance, risk management and consumer protection provisions.
The Ley de Protección y Defensa al Usuario de Servicios Financieros (“Law for the Protection and Defence of Financial Services Users”) focuses on the protection of financial service users. It establishes the rights of consumers and the obligations of financial institutions, including transparency and fair treatment.
The Ley para la Transparencia y Ordenamiento de los Servicios Financieros (“Law for the Transparency and Order of Financial Services”) provides guidance and obligations for payment services providers and for institutions that grant credit, to ensure the transparency and efficiency of payment systems and protect the interests of the general public.
The Ley para Regular las Agrupaciones Financieras (“Financial Groups Law”) provides for the establishment of financial groups in Mexico. Financial groups are formed by a financial holding company and its subsidiaries, which are regulated financial companies. Financial groups are regulated and supervised by different authorities in Mexico, depending on the entities that comprise them.

Regulations

The Disposiciones de Carácter General Aplicables a las Instituciones de Crédito or Circular Única de Bancos (CUB or the “Banking Regulations”) is issued by the Comisión Nacional Bancaria y de Valores (the “National Banking and Securities Commission”, or CNBV), and contains most of the regulatory requirements applicable to banks in Mexico, including capital and liquidity requirements, corporate governance, financial reporting, risk management, operational requirements, technology requirements and the duties of senior management.
The Disposiciones de Carácter General Aplicables a las Casas de Bolsa (the “General Provisions Applicable to Broker Dealers”, or CUCB) is issued by the CNBV and contains most of the regulatory requirements applicable to broker dealers in Mexico, including capital requirements, corporate governance, financial reporting, risk management, operational requirements, technology requirements and the duties of senior management.
The Disposiciones de Carácter General Aplicables a las Instituciones de Tecnología Financiera (the “General Provisions Applicable to Financial Technology Institutions”, or CUITF) is issued by the CNBV and contains most of the regulatory requirements applicable to Fintech Companies, including capital requirements, corporate governance, financial reporting, risk management, operational requirements, technology requirements and the duties of senior management.
The Disposiciones de Carácter General Aplicables a las Entidades de Ahorro y Crédito Popular, Organismos de Integración, Sociedades Financieras Comunitarias, y Organismos de Integración Financiera Rural, a que se Refiere la Ley de Ahorro y Crédito Popular (CUSOFIPO) is issued by the CNBV and contain most of the regulatory requirements for Popular Financial Companies and Community Financial Companies.

Regarding the supervision authorities of banks, the Ministry of Finance (Secretaría de Hacienda y Crédito Público, or SHCP) bears the primary supervisory responsibility and is supported by an autonomous agency functionally attached to it, the CNBV, which regulates banks, broker dealers and investment funds, among others. In addition to managing its normal central bank operations, Banco de México (“Banxico”) also regulates the deposit, lending and payment services and funding transactions of banks, as well as the foreign exchange and derivatives markets in Mexico.

Regarding Mexican authorities, the most relevant regulations are:

the Law of the National Banking and Securities Commission (Ley de la Comisión Nacional Bancaria y de Valores); and
the Law of the Mexican Central Bank (Ley del Banco de México).

2. Regulation

2.1 Regulatory Perimeter

The following products and services are regulated in Mexico (please note that this list is illustrative rather than exhaustive):

banking services;
derivatives;
insurance and bond companies;
retirement savings funds (AFOREs);
public and private securities offerings;
securities intermediation;
e-wallets;
crowdfunding;
payment acceptance services;
deposits; and
foreign exchange transactions.

2.2 Exemptions

Certain financial services are exempt from regulation by Mexican authorities, including:

granting credit or loans; and
issuing credit or debit cards.

2.3 Crypto-Assets

Crypto-assets are known in Mexico as “virtual assets” and are regulated through the Fintech Law and Banxico Regulation 4/2019.

Such regulations define a virtual asset as the electronic representation of value that is used by the general public as a means of payment for all sorts of legal transactions and whose transfer is only possible through electronic means. In general, neither local nor foreign currency, nor any other assets valued in local or foreign currency, are considered virtual assets.

Banks and Fintech Companies may only perform internal transactions when authorised by Banxico, and with the virtual assets that Banxico determines viable.

Transactions involving the purchase or sale of virtual assets are also considered vulnerable to money laundering. Therefore, any individual or company that performs such transactions, other than financial institutions, is required to comply with the obligations set forth in the Mexican Anti-Money Laundering Law.

3. Regulators

3.1 Primary Financial Services Regulators

The primary financial services regulators in Mexico are:

the SHCP;
the CNBV;
Banxico;
the Institute for the Protection of Bank Deposits (Institución de la Protección al Ahorro Bancario);
the National Commission for the Protection and Defence of the Users of Financial Services (Comisión Nacional para la Protección y Defensa de los Usuarios de Servicios Financieros, or CONDUSEF);
the National Commission for Insurance and Bond Companies (Comisión Nacional de Seguros y Fianzas, or CNSF); and
the National Commission for the Retirement Savings System (Comisión Nacional del Sistema de Ahorro para el Retiro, or CONSAR).

3.2 Rules and Guidance

Mexican regulators’ rules and guidance cannot all be found in one single location; Mexican authorities publish regulations, press releases, articles and other pieces of soft law relevant to financial institutions in the following sources.

The official websites of each authority:

Congreso de la República (Mexican Congress): www.diputados.gob.mx;
SHCP: www.gob.mx/shcp;
Banxico: www.banxico.org.mx;
CNBV: www.gob.mx/cnbv;
CNSF: www.gob.mx/cnsf;
CONSAR: www.gob.mx/consar;
CONDUSEF: www.condusef.gob.mx; and
IPAB: www.gob.mx/ipab.

The following websites also contain relevant regulations:

Normatividad CNBV (CNBV Regulations): www.cnbv.gob.mx;
Normativa CNSF (CNSF Regulations): www.gob.mx/cnsf;
Normatividad CONSAR (CONSAR Regulations): www.consar.gob.mx; and
Normateca del Instituto para la Protección al Ahorro Bancario (Regulations Library of the IPAB): www.gob.mx/ipab.

In terms of soft law, Mexican authorities seldom interpret Mexican regulations and publish their opinions through press releases or public documents. Most soft law is issued and received in private, through notices sent directly to financial institutions, so is not published nor available for public consultation.

When Mexican authorities do publish interpretations and other soft law, they are available through the following websites:

Comunicados de Prensa y Boletines Digitales de la CNBV (CNBV Press Releases and Digital Newsletters): www.gob.mx/cnbv;
Prensa CNSF (CNSF Press): www.gob.mx/cnsf; and
Prensa CONSAR (CONSAR Press): www.gob.mx/consar.

4. Areas of Regulatory Focus

4.1 Capital Adequacy

Mexico has implemented the Basel III reforms within the Banking Regulations, which are binding for all Mexican banks. The provisions of Basel III have been included within this regulation as part of the obligations and requirements that Mexican banks are required to meet in order to operate in Mexico.

4.2 Settlement

Mexico implemented the T+1 settlement cycle in May 2024, at the same time as the United States and Canada.

4.3 ESG

Certain financial services have rules related to ESG principles that are mandatory. AFOREs are required to include in their investment prospectuses how their investment strategy incorporates ESG factors and how these factors are applied to risk management.

In addition, the Mexican Financial Reporting and Sustainability Standards Board (Consejo Mexicano de Normas de Información Financiera y Sostenibilidad, or CINIF) issued the Financial Reporting and Sustainability Standards (Normas de Información Financiera y Sostenibilidad, or NIS), which have been mandatory since 1 January 2025 for entities that prepare financial statements in accordance with the Financial Reporting Standards of the CINIF, which includes financial institutions.

As far as is known, no enforcement actions have been taken against financial institutions with respect to ESG regulations. However, such regulations are relatively recent, so it remains to be seen whether Mexican authorities will conduct enforcement actions in connection therewith.

4.4 AI

Currently, there are no regulations or guidance related to the use of AI in Mexico. This lack of regulation extends to the financial system.

4.5 Fintech

In Mexico, the regulatory attitude towards fintech companies, products and services has changed drastically since 2019, when the Mexican congress passed and published the Fintech Law, which creates several new legal figures for rendering fintech services, including:

e-wallets (Instituciones de Fondos de Pago Electrónico);
crowdfunders (Instituciones de Financiamiento Colectivo);
sandbox models (modelos novedosos); and
virtual assets (activos virtuales).

Please note that the Fintech Law recognises only these institutions as fintech providers; any other services providers that label their products as “fintech” but are not authorised by the Mexican authorities are not considered for this guide.

In general, Mexican authorities have a positive outlook on fintech companies, with 86 Fintech companies having been authorised by Mexican authorities by the end of 2024.

4.6 Retail Banking and Vulnerable Customers

The CONDUSEF is the authority in charge of protecting customers, and is regulated under the Law for the Protection and Defence of Financial Services Users. The CONDUSEF publishes certain information received from financial institutions, as well as educational tools, to assist customers in making the best decisions possible. Such protection extends to all customers, regardless of whether they are considered vulnerable or not.

The CONDUSEF also receives complaints against financial institutions from customers, and may subsequently begin a mediation process or, where applicable, may impose penalties against financial institutions.

4.7 Shadow Banking

Shadow banking is currently permissible in Mexico for certain financial services but is restricted for others, which are more strictly supervised.

Non-financial institutions are allowed to provide loans and credit without requiring a licence, registration or authorisation from the Mexican authorities. These activities include issuing credit cards. The private placement of securities, under certain requirements, can be performed by any person.

However, most financial services in Mexico are regulated, including investment banking, securities intermediation, payment systems and wallet services, and are thus allowed only for Mexican financial institutions.

5. Authorisation

5.1 Process

The authorisation process in Mexico varies depending on the financial institution seeking authorisation, but the process can broadly be divided into:

financial institutions that require an authorisation; and
financial institutions that require a registration.

Authorisation

The process for financial institutions that require an authorisation is, generally, as follows.

A company incorporated in Mexico, or a foreign entity that intends to incorporate an entity in Mexico, must request a meeting with Mexican authorities to present its project. Such meeting will give input on the view of the authorities.
Simultaneously, with the help of local legal and business consultants, the necessary documents in terms of Mexican law should be drafted before the submission of the authorisation request. These documents include legal, business, financial, operative, compliance and technological manuals and processes.
Once the initial authorisation request is submitted, Mexican authorities will send notices to the interested party, with comments and observations related to the documents submitted. These notices can be as many as the authorities deem necessary.
Once the interested party has fulfilled all the requirements set by the Mexican authorities, an authorisation will be granted by such authorities. This initial authorisation is contingent on the interested party implementing the mechanisms outlined in its manuals. Such mechanisms will be audited by the Mexican authorities to ensure they are adequate for safeguarding the interests of the customers, as well as the Mexican financial system.
The Mexican authorities will grant a second authorisation to begin operations once they have ensured that the interested party has duly implemented the mechanisms necessary for performing the services as the financial entity for which it requested the authorisation.

Registration

The process for financial institutions that require a registration is, generally, as follows.

A company incorporated in Mexico, or a foreign entity that intends to incorporate an entity in Mexico, should draft the necessary documents in terms of Mexican law, with the help of local legal and business consultants, before the submission of the registration request.
Once the initial authorisation request is submitted, Mexican authorities will send notices to the interested party, with comments and observations related to the documents submitted. These notices can be as many as the authorities deem necessary.
Once the interested party has fulfilled all the requirements sent by the Mexican authorities, the registration will be granted by such authorities.

5.2 Timelines and Fees

The timeline for an authorisation or registration varies drastically from financial institution to financial institution, as well as from interested party to interested party. As a reference, the process for relatively simple financial institutions (in terms of the products and services they render) can take as little as six to eight months, while the most sophisticated may take anywhere from 12 to 18 months.

5.3 Direct/Personal Regulation

Senior individuals within authorised financial services firms are subject to direct regulation. Before their designation as such, senior individuals (ie, the chief executive officer and officers within the two hierarchies directly below such officer) are required to prove their expertise, creditworthiness and reputation before the Mexican authorities can authorise their designation.

Once such officers are designated, they are not regulated directly but they are required to act within the boundaries of Mexican law. When officers are in violation of Mexican law, whether wilfully or through negligence, certain penalties can be directly imposed on such officers.

6. Looking Forward

6.1 Financial Services Reforms

No material financial services reforms are currently expected for the Mexican financial system.

Ritch, Mueller y Nicolau, S.C.

Av. Pedregal No. 24, 10th Floor
Molino del Rey
11040 Mexico City
Mexico

(52) 55 9178-7000

sgarcia@ritch.com.mx / lbermudez@ritch.com.mx www.ritch.com.mx

Trends and Developments

Authors

Pablo Perezalonso

Ricardo Calderón

Alejandro Mosqueda

Pablo Rueda

Regulatory Routes for New Fintech Players Entering the Mexican Market

Mexico’s financial ecosystem has opened dramatically to new players over the past decade, with global and regional fintech innovators now competing alongside established traditional institutions. Household names in digital finance – such as Nubank, Revolut and MercadoPago, among many others – are building on the country’s rapid adoption of mobile payments, e-commerce and digital credit. Domestic wallets and non-bank lenders are also scaling up, meeting consumer demand for simpler accounts, instant payments and flexible credit. All these developments have helped to reduce Mexico’s deficit in financial inclusion.

These new entrants have arrived through different legal avenues. Some have started out as Electronic Payment Funds Institutions (Instituciones de Fondos de Pago Electrónicos, or IFPEs) that issue and manage digital wallets and payments, while others have formed or acquired non-bank entities known as Sociedades Financieras de Objeto Múltiple (SOFOMs) that provide credit and related services, or popular financial institutions known as Sociedades Financieras Populares (SOFIPOs) that combine deposit-taking with retail lending under a tiered operating framework. A smaller but growing cohort has pursued full banking licences as commercial banks, known as Instituciones de Banca Múltiple (“banks”), enabling them to intermediate deposits at scale, offer broader services and integrate deeply with Mexico’s financial infrastructure.

This article will explain how these four alternatives (banks, SOFOMs, SOFIPOs and or IFPEs) compare in scope, regulation and strategic fit. It highlights why many serious players initially choose non-bank paths to enter the market, and why the ability to do more under the banking regime ultimately makes a bank licence the best route for those seeking long-term breadth, credibility and scale.

The preferred routes: what new entrants choose first

Unless they are either a bank established abroad or a very big player, new players rarely begin as banks. Instead, they choose narrower and faster paths.

IFPE for digital wallets and payments

The IFPE regime was designed specifically by the Fintech Law (Ley para Regular las Instituciones de Tecnología Financiera) for electronic payments, enabling institutions to issue, manage, redeem and transfer electronic funds, connect to payment systems, and operate through apps and online channels.

The authorisation process is substantial, but mainly made for payments. Once authorised, IFPEs may seek further approvals to operate in foreign currency wallets, cross-border transfers or virtual assets, or to rely on critical vendors and cloud or data providers.

IFPEs cannot pay interest on deposits, and their ability to fund loans is restricted. IFPEs are also required to comply with strict anti-money laundering and counter- terrorism financing (AML/CFT) obligations in order to obtain their IFPE licence. Such obligations include:

drafting and implementing an AML/CFT manual, which must include an assessment with a risk-based approach;
drafting know-your-customer (KYC) policies to adequately identify customers;
designating a compliance officer who is duly certified by Mexican authorities;
drafting an assessment to classify customers based on their risk degree;
having an internal communications and control committee to supervise the activities of the compliance officer and the compliance department;
implementing procedures to vet employees and procedures to train employees on the obligations of the IFPE, as well as their personal obligations relating to AML/CFT matters;
implementing an automated system that allows the IFPE to monitor customers’ transactions, issue alerts when certain thresholds are exceeded, and build a customer transactional profile;
reviewing the blocked persons list before executing any agreements with potential customers; and
delivering the reports required for cash transactions, international transactions, transactions with virtual assets, unusual transactions and internal concerning transactions (together, the “AML/CFT Obligations”).

SOFOM for credit-first models

SOFOMs are created under the Ley General de Organizaciones y Actividades Auxiliares del Crédito (the “Ancillary Law”) and specialise in lending and related activities such as factoring and leasing. They exist in regulated and non-regulated forms. A non-regulated SOFOM (ENR) offers operational flexibility to launch credit products quickly, while a regulated SOFOM (ER) operates within the banking group framework and follows for stricter oversight.

For retail or merchant-focused lenders, SOFOMs are a natural entry point for issuing loans, cards linked to credit lines, or payroll products. SOFOMs cannot take deposits and are funded by obtaining loans or by issuing securities.

Before obtaining the licence to operate as a SOFOM, such entities are required to request a favourable opinion from the CNBV with respect to their AML/CFT obligations. Such opinion is issued by the CNBV once it ensures that the SOFOM complies with the AML/CFT Obligations; however, SOFOMs are not required to have a certified compliance officer and may designate a member of the communications and control committee as such.

SOFIPO for deposit-and-credit retail models

SOFIPOs are created by the Ley de Ahorro y Crédito Popular (the “SOFIPO Law”), originally with the aim of financially including certain sectors of the population that originally did not have access to credit (such as farmers or workers). They combine deposit-taking with lending for retail customers under a tiered system of permitted activities. Higher-level SOFIPOs can issue credit instruments, operate treasury services and expand products by levels (I–IV).

Because SOFIPOs are basically a shadow banking entity, they require comprehensive manuals, governance and technology controls; they also involve affiliation and oversight processes unique to their ecosystem. SOFIPOs are also required to comply with strict AML/CFT obligations in order to obtain their SOFIPO licence. SOFIPOs are required to comply with the AML/CFT Obligations; however, the number of different transactions that SOFIPOs are able to perform means that their AML/CFT manual must be more comprehensive and account for all the activities and services the SOFIPO offers.

Bank for full-service intermediation

Mexican banks are created under the Ley de Instituciones de Crédito (the “Banking Law”) and can perform the widest set of operations under Mexican law, such as taking all kinds of deposits, granting and syndicating credit, issuing bonds and subordinated debt, entering into foreign exchange transactions, entering into derivatives and repo transactions, acting as trustees, distributing payment means, and more.

This alternative is longer and more complex to implement, demanding significant capital, governance and technology, and a formal two-step authorisation (incorporation and operational approval). However, the prize is unmatched breadth and credibility, as Mexico is a primarily banking-focused economy. Mexican banks are also required to comply with the AML/CFT Obligations; however, the amount of different transactions that banks are able to perform means that their AML/CFT manual must be more comprehensive and account for all potential activities and services that the bank offers.

Early-stage choices reflect strategy and readiness

A wallet-focused fintech may prioritise IFPE authorisation to prove its payments model and onboard users rapidly. A digital lender may opt for a SOFOM to launch credit products and iterate on underwriting. A player aiming at deposit-plus-credit in underserved segments may favour a SOFIPO to offer savings, transfers and loans in an integrated way. As these models grow, many ultimately seek to transform into or establish a bank to capture broader services and scale.

Similarities and differences: bank, SOFOM, SOFIPO, IFPE

Although they serve overlapping customer needs, these four vehicles differ in the scope of permitted activities, regulatory burden, capital and governance, and lead times for authorisation. The following comparison highlights core features in plain terms.

Purpose and core activities

Banks provide the full banking service:

receiving public deposits of all types;
granting and syndicating loans;
issuing bank debt;
operating payments and cards;
foreign exchange transactions;
performing trust, trustee and custody services, engaging in derivatives; and
connecting comprehensively to the central bank’s payment systems.

They are the only entities that combine broad deposit-taking with unrestricted credit intermediation and market operations.

SOFOMs focus on credit. They grant loans, conduct financial factoring and may engage in leasing. A SOFOM ENR is operationally nimble and suited for launching lending products quickly, but it does not take deposits from the public.

SOFIPOs combine deposits and credit for retail clients with a graduated ladder of permitted services by level. As they progress through levels, SOFIPOs may offer payroll services, facilitate leases, issue credit instruments and cards, guarantee third-party obligations and perform treasury functions, subject to prudential rules and oversight specific to their framework.

IFPEs issue and manage electronic funds through wallets and can perform payments, transfers and related services through digital channels. They are specialised for payments and non-cash value in accounts, and may request further approvals for cross-border and foreign currency operations, or for critical outsourcing arrangements.

Regulatory burden, capital and governance

Banks face the most comprehensive oversight. They must meet higher minimum capital requirements, maintain robust risk, AML/CFT, credit and operational frameworks, and obtain an initial incorporation authorisation followed by an operational approval once systems and manuals are fully implemented and tested. Boards must include independent directors, and specialised committees oversee audit, risk, credit, remuneration and communication.

SOFIPOs are closely supervised, operate within a federated oversight model, and must submit detailed programmes of operation, technology, risk and AML/CFT, as well as multi-year financial projections. They are subject to dividend restrictions in early years and careful capital adequacy requirements by level.

IFPEs require extensive technology, security and operational controls, including manuals addressing onboarding, authentication, information security, business continuity, AML/CFT and vendor oversight. Additional approvals are needed for foreign currency wallets, cross-border transfers, virtual assets and critical outsourcing. Furthermore, IFPEs cannot pay interest on deposits, and their ability to fund loans is restricted.

SOFOMs have lighter entry requirements than banks, SOFIPOs and IFPEs, especially in the non-regulated form, making them attractive for rapid credit deployment. However, SOFOMs cannot take deposits and are funded by granting loans or by issuing securities. In addition, they still must comply with transparency, consumer protection, AML/CFT and sector rules relevant to their activities.

Speed to market and evolution path

IFPEs and SOFOM ENRs are often fastest for a first launch, aligning with payments and lending business models, respectively.

SOFIPOs require deeper preparation and co-ordinated oversight but enable deposit-plus-credit under a controlled, progressive framework.

Banks take longer due to dual authorisation (Banxico and CNBV) and greater scrutiny, including capital deposits with the treasury to guarantee seriousness, and regulatory inspections of technology and connections to payment systems prior to final operational approval.

These differences shape the route for players like Nubank or Revolut. For example, a global wallet provider may begin as an IFPE to establish payments presence and then consider expanding to credit through a SOFOM or by transforming into a bank. A credit-first fintech might build scale as a SOFOM and migrate to a bank to add deposits and broader services. A player targeting inclusive finance might launch as a SOFIPO to combine savings and loans and later pursue a bank licence to broaden offerings and increase deposit safeguards.

See this table for a breakdown.

Why banks ultimately do more

For serious players with long-term ambitions, banking confers three decisive advantages: breadth, credibility and integration.

Banks can combine the full spectrum of services – such as deposits, payments, credit, investments and trustee activities, securities markets transactions, foreign exchange, repos and derivatives – into seamless products for individuals and businesses. This enables richer propositions:

salary accounts linked to credit cards and instant loans;
treasury services for merchants;
derivative hedges; and
comprehensive custody and trustee offerings.

Non-bank paths fragment this stack:

an IFPE excels at payments but must partner or transform to add credit;
a SOFOM is strong in lending but lacks deposits; and
a SOFIPO offers deposits and credit with tiered limits and narrower market operations.

Only banks unify the full scope under one roof.

The banking licence signals stronger prudential oversight, higher capital commitments, independent governance and deeper risk controls. For customers, that means confidence in deposit protection, stronger safeguards and institutional durability. For counterparties and regulators, it means a tested operating environment that can shoulder systemic responsibilities, which take relevance as volumes and complexity grow.

Banks connect deeply to Mexico’s financial infrastructure, including payment systems managed by the central bank, and can access or issue a broad range of instruments. Operational approvals require end-to-end technology readiness and vendor governance. While IFPEs and SOFIPOs do connect to relevant systems, banks have the most comprehensive integration and the fewest structural barriers to layering services.

These factors explain a common trajectory: start where product-market fit is clearest (payments via IFPE, lending via SOFOM, savings-plus-credit via SOFIPO), then migrate to a bank to unify services and scale. Transformations from SOFIPO to bank are feasible within Mexico’s legal framework and benefit from continuity of customers, systems and vendor relationships, subject to upgraded controls, capital and governance.

Practical considerations for each alternative

For IFPEs, the relevant issues are operational and technological. IFPEs must prove the robustness of their platform, authentication methods, information security, disaster recovery and vendor oversight. They may seek additional authorisations for foreign currency wallets, cross-border transfers and critical providers. The business plan and financial projections should demonstrate capitalisation and operating viability, while governance and compliance must include certified AML officers and, where applicable, communications and control committees.

For SOFOMs, the focus is on lending discipline and consumer protection. Clear credit policies, transparency in interest and fees, compliant contracts and AML measures are foundational. Funding strategy, such as lines of credit, securitisations or equity, must match growth plans. Where a SOFOM operates within a banking group (ER), governance and prudential requirements increase. For non-regulated SOFOMs, speed and flexibility are advantages, but credibility and access to deposits remain limited.

For SOFIPOs, planning centres on level-appropriate products, capital adequacy, detailed manuals for credit, deposit-taking, control and risk management, and affiliation or auxiliary supervision processes. Technology readiness and data integrity controls are vital, and dividend restrictions in early years shape capital planning. SOFIPOs can scale product scope progressively, enabling a measured growth path before transforming to a bank.

For banks, preparation is comprehensive:

shareholders’ information and origin-of-funds checks;
minimum capital and treasury deposits to guarantee seriousness;
detailed statutes, committees, manuals and controls;
multi-year financial projections; and
full technology integration.

The process involves an initial incorporation authorisation and a final operational approval after systems are inspected and live connections to payment systems are verified. The board must include independent directors, and management must meet technical, honourability and experience standards.

Bringing it together: how global players choose

For a wallet-first global fintech, it will be best to launch an IFPE to issue a digital account with instant payments, bill pay and card rails, acquiring millions of users. To extend into credit, it adds a SOFOM (often ENR) or restructure toward a SOFIPO. When it seeks savings accounts, broader lending and institutional partnerships, it pursues a bank licence to unify services and deepen trust.

A credit-first innovator starts as a SOFOM, perfecting underwriting and collections in merchant or consumer niches. As demand grows for deposit accounts and more comprehensive services, it migrates toward a bank structure to stabilise funding via deposits, broaden product scope and access market operations.

An inclusion-focused player begins as a SOFIPO to serve retail customers with savings and loans under strong protections. With scale, it transforms into a bank to increase deposit safeguards, add credit cards, enhance treasury services and integrate with more complex instruments and payment means.

Each route aligns with a phase of growth. The step to banking is the inflection point at which ambitions move from a single product to a full financial relationship.

Conclusion: banks do more and are the best route for serious players

Mexico’s regulatory architecture offers multiple on-ramps for fintech innovation. IFPEs deliver payments at scale; SOFOMs power credit-first growth; and SOFIPOs combine savings and lending under tiered prudence. These regimes are invaluable for market entry and iteration. Yet for serious players, such as those who plan to serve the general public comprehensively, build durable trust with depositors, partner with enterprises and integrate fully with financial infrastructure, the bank licence is the destination.

Being a bank allows an entity to do more things, in more ways, for more customers. It unifies deposits, payments, credit, trustee services and market operations, enabling richer propositions and faster innovation once the foundation is built. It carries higher expectations of capital, governance and controls, but those expectations translate into credibility and resilience. In a market where the winners will be those who can offer a complete financial relationship safely and at scale, the banking route is the best path forward.