FinTech 2019

Last Updated June 06, 2019

Mexico

Law and Practice

Authors



Ritch, Mueller, Heather y Nicolau, S.C. has 20 partners and 106 lawyers, who between them speak English, French, German and Spanish. Their key practice areas are capital markets, banking and finance, financial Institutions, corporate governance and compliance. The firm is assisting several Fintech entities in their authorisation processes with the CNBV.

The most significant evolution in Mexico was that the Law regulating Financial Technology Institutions (the Mexican FinTech Law) became effective on 10 March 2018. In addition: (i) the National Banking and Securities Commission (the CNBV) issued on 10 September 2018 the General Rules Applicable to Financial Technology Institutions (the FinTech General Rules); (ii) Banco de México, Mexico’s central bank issued on the same date Circular 12/2018 regulating the operations of electronic payments companies; and (iii) the Ministry of Finance issued the general provisions referred to in Article 58 of the FinTech Law (the Anti-Money Laundering Provisions – together with the FinTech General Rules and Circular 12/2018, the FinTech Regulations).

The FinTech Law and the FinTech Regulation will provide local FinTech companies with certainty and an operating framework that will allow them to grow. According to information published by Finnovista, during the last months Mexico has made great progress in the development of its FinTech sector and has positioned itself as potentially one of the most important FinTech hubs in the world. During 2017, Finnovista pointed out that Mexico was positioned as the largest FinTech ecosystem in the region with 238 start-ups. Pursuant to the 2018 edition of FinTech Radar (published by Finnovista), the FinTech ecosystem in Mexico increased its size to reach 334 FinTech start-ups, which left the country behind only Brazil in Latin America. Such figure represents an increase of approximately 100 new companies from 2017 to 2018 and an annualised growth of 40% during the period. Undoubtedly, one of the factors that will most impact the evolution of the FinTech sector in Mexico will be the responsiveness to the new regulation by the entities that offer financial products and services.

FinTech companies in Mexico base their operation on business models that use digital technology to provide financial products and services aimed at meeting specific needs of certain segments of the market, generating at the same time business opportunities for people who seek to invest in its resources. Unlike the large banks or the traditional financial institutions, which are often limited by their operational structure, the cost of service and dependence on an enormous infrastructure, FinTech companies have much more freedom to design and innovate in their service proposal. In short, FinTech companies base their business model on innovation and flexibility.

Several business models have been developed so far in the FinTech area. In Mexico they can be classified in the following four groups:

  • collective financing or crowdfunding model (includes debt and capital transactions and gathers platforms that allow participants to make or receive loans or to invest in the capital stock of a company);
  • e-money, payments and transfer model (combines the payment with the payment management which gives added value to the transaction and reduces transaction costs);
  • personal finance management model (includes platforms for loans, savings, insurance, investments and derivatives, as well as platforms for educational and cultural purposes); and
  • development model (this model is an initial development model destined to become a definitive model after a certain period of time, also known as a sandbox).

As previously mentioned, the Mexican FinTech Law and the FinTech Regulations are brand new.

The Mexican FinTech Law and the FinTech Regulations, among other matters, regulate financial services provided by financial technology institutions (FTIs), as well as their organisation, operation and activities and the financial services provided thereby that are subject to special regulation since they are offered or performed by innovative means. Mexican FinTech regulation establishes that the FTIs are crowdfunding institutions and the institutions engaged in electronic fund payments (e-money institutions).

Mexican FinTech regulation follows some of the general principles established in other Mexican financial laws but differs from regulation of legacy players. Compared with FinTech, the regulation of the traditional financial system is much more structured, with an institutional focus (rather than functional) and developed pursuant to international standards (especially the banking regulation which has been developed based on the Basel Accords).

The Mexican FinTech Law provides that legal entities which are not financial entities must obtain authorisation from the CNBV to carry out, through a novel model (as defined below), activities that require authorisation, registration or concession pursuant to the financial laws (including banking, securities intermediation, foreign exchange transactions and insurance). The financial authorities may grant or deny a conditional temporary authorisation to the companies interested in providing financial services through these models; this authorisation shall have a term related to the services that are intended to be provided and, initially, may not be longer than two years.

The Mexican FinTech Law also provides that financial authorities may discretionally authorise financial entities, including FTIs, temporarily to carry out operations or activities related to their corporate purpose through novel models when exceptions to the legal provisions issued by such authorities are required. This authorisation shall have an initial term of one year.

Pursuant to Mexican regulations, a 'novel model' shall be understood as a model that, for the provision of financial services, uses tools or technological means with modalities different from those existing in the market at the moment in which the temporary authorisation is granted.

The Mexican FinTech Law recognises the following regulators as the financial authorities for purposes of such law and the regulations derived therefrom: the CNBV; the Mexican National Insurance and Bonding Commission (Comisión Nacional de Seguros y Fianzas, the CNSF); the Mexican National Commission for the Protection and Defence of Financial Services Users (Comisión Nacional para la Protección y Defensa de los Usuarios de los Servicios Financieros, the CONDUSEF); the Mexican National Retirement Savings System Commission (Comisión Nacional del Sistema de Ahorro para el Retiro, the CONSAR – together with the CNBV, the CNSF and the CONDUSEF, the Supervisory Commissions); the Mexican Central Bank and the Ministry of Finance.

Authorisations to act as an FTI are granted by the CNBV upon favourable resolution of the inter-institutional committee which is composed of members of the Ministry of Finance, the Mexican Central Bank and the CNBV. An additional authorisation to be granted by the Mexican Central Bank is required if the relevant FTI is expecting to operate or manage virtual assets or foreign currency.

Authorisations to use novel models by non-financial entities must be issued to the financial authorities listed above, according to their supervised area of activities. Authorisations to use novel models by financial entities shall be granted by the corresponding Supervisory Commission upon approval of its respective Government Board; in the case of activities regulated by general provisions issued by the Ministry of Finance or the Mexican Central Bank, the temporary authorisations will be granted by such supervisory bodies.

Fines may be imposed by the Supervisory Commissions or the Mexican Central Bank and will be enforced by the Ministry of Finance or the Mexican Central Bank, as applicable.

In addition, in the Mexican FinTech Law and in the FinTech Regulations, additional responsibilities and obligations are set forth for each of the financial authorities. Therefore, a case-by-case analysis would be required in order to determine who the competent authority is for the corresponding case. 

FTIs can outsource certain services but cannot outsource their regulated functions. In general terms, the FTIs may agree with third parties, located in Mexico or abroad, the provision of services necessary for its operation, in accordance with the general provisions issued for such purposes by the CNBV or the Mexican Central Bank, as applicable. Such financial authorities may indicate in those provisions the type of services that will require authorisation to be outsourced.

If financial entities participate in the capital stock of FTIs, those financial entities may provide technological infrastructures and auxiliary services to support the FTIs operations, as long as they obtain the CNBV’s authorisation for such purposes and enter into a service contract in which the transfer prices are clearly established.

The hiring of services with third parties shall not exempt the FTIs, their directors, employees and other persons with an employment, position or commission therein, from the obligation to observe the provisions set forth in the Mexican FinTech Law or in the general provisions derived therefrom.

The Mexican FinTech Law provides that acts made in contravention of the law or in contravention of the regulations derived from the law will result in the imposition of administrative and criminal sanctions by the corresponding financial authority.

The confidentiality of the customer’s information is a principle that is recognised in Mexican financial laws, including those that regulate traditional players and FinTech entities. In addition to such laws, the Mexican Federal Law on the Protection of Personal Data in the Possession of Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) has as its purpose the protection of personal data held by individuals, in order to regulate their legitimate, controlled and informed treatment to guarantee privacy and the right to individuals' information self-determination.

The Mexican Federal Law for the Prevention and Identification of Operations with Resources of Illegal Origin (Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita) is a general law applicable to financial and non-financial institutions that has as its purpose the protection of the financial system and the national economy by establishing measures and procedures to prevent and detect acts or operations that involve illegal resources. In addition to this law, the financial entities are subject to various regulations published generally by the Ministry of Finance and the CNBV, as applicable. For the particular case of the FinTech sector, the FinTech Anti-Money Laundering Provisions has as its purpose to set forth the measures and procedures to prevent and detect acts, omissions or operations related to the financing of terrorism and operations with resources of illegal origin.

There is no particular law that has as its main purpose cybersecurity regulation, but rather there are various provisions throughout the financial regulation that require financial institutions to establish measures to prevent attacks on the technological networks of these institutions. Note, for example, that the Mexican FinTech Law sets forth, as one of the requirements to obtain the authorisation to act as an FTI, the filing of policies related to the disclosure of risks and responsibilities, including confidentiality policies, with the evidence that the FTI has a safe, reliable and accurate technological support for its clients with the minimum security standards to ensure the confidentiality, availability and integrity of such information and the prevention of fraud and cyber-attacks.

In Mexico, there is no comprehensive regulation covering social media; however, the Mexican Federal Law on the Protection of Personal Data in the Possession of Private Parties and its regulations, among other statutes and rules, applies to processing of personal data. Pursuant to this law, those persons responsible for the processing of personal data shall observe the principles of legality, consent, quality, purpose specification, loyalty, proportionality and responsibility.

The Mexican FinTech Law provides certain obligations that need to be complied with by the external auditors of the FTIs, such as the review of the annual financial statements or the reporting of irregularities detected during an audit process that may have an impact on the operation of the FTIs. Those obligations are also established for other traditional financial institutions in the respective financial laws.

The idea of ​​the Mexican federal government is that FinTech entities can only offer products and services that are regulated. As aforementioned, the Mexican FinTech Law provides only two types of FTIs, crowdfunding institutions and e-money institutions.

Crowdfunding institutions may only perform activities aimed at putting members of the general public in contact to carry out collective debt financing, collective capital financing or collective co-ownership or royalties financing. Said institutions, in addition to their intermediation activities, may only perform the activities indicated in the Mexican FinTech Law for the development of their business.

The services performed with the public in a habitual and professional manner – consisting in the issuance, administration, redemption and transmission of electronic payment funds, by means of certain specific acts, through computer applications, interfaces, internet pages or any other means of electronic or digital communication – may only be provided by e-money institutions. These institutions, in addition to the activities indicated in the law, may only perform the activities indicated in the Mexican FinTech Law for the development of their business.

The robo-adviser is a different business model in which the client is provided with online advice and management of its investment portfolio. In particular, in cases where a regulated service is to be provided, including advisory services related to securities, insurance and banking, the entity owning the robo-adviser must be licensed as a financial entity, as the case may be.

Although legacy players know about the relevance of the technology in the investment sector, in Mexico only a few legacy players have implemented robo-advisers platforms. A few Mexican financial institutions have developed an investment platform through which certain questions are answered by the client and the system automatically suggests where and how to invest.

Robo-advisers aim to make an investment simple, low-cost and even a fun task for every investor. They are independent of emotions and therefore the decisions they make do not depend on the uncertainties that human beings may have. However, robo-advisers have a limited capacity to explain complex issues and are not able to manage customer questions or make recommendations based on their responses.

In Mexico, practically any person may lend money to any other person. Mexican law provides that only Mexican banks or non-bank banks may obtain funding from the public for the purposes of relending those funds, either by receiving deposits or issuing debt. These entities are subject to regulation and supervision. The FTIs that allow participants to make or receive loans are crowdfunding institutions, which are regulated by the Mexican FinTech Law, the General Provisions and the Anti-Money Laundering Provisions. In accordance with the applicable regulation, crowdfunding institutions are subject to certain limits. As a general rule, these institutions may publish funding request on their platforms as long as they do not exceed, per transaction, the amount of 50,000 investment units (USD15,000 approximately) if the loans are addressed to individuals, or the amount of 1,670,000 investment units (USD520,000 approximately) if the loans are addressed to legal entities or individuals with a business activity.

Under Mexican regulation, FTIs cannot obtain loans and credits to establish schemes that allow them to share the risks of the potential transactions promoted on their platforms unless they obtain authorisation from the CNBV. The requirements to obtain such additional authorisation are set forth in the General Regulations.

The purpose of crowdfunding institutions is to carry out activities aimed at putting people in contact with the general public, so that financing can be provided among them. As indicated above, only with prior authorisation from the CNBV may crowdfunding institutions obtain loans and credits in order to allocate funds to schemes that allow them to share risks with investors.

The loans offered on FTIs' platforms can be syndicated. However, it should be taken into account that the FTIs shall establish controls on their platforms that prevent the same investor from making investment commitments in amounts exceeding the percentages referred to in the General Provisions.

Payment processors may create or implement new payment rails. The Mexican FinTech Law provides certain obligations to FTIs and financial institutions in order to establish standardised application programming interfaces (APIs) to enable connectivity and access from other interfaces developed or managed by those entities and third parties specialised in information technology to share certain type of information, which would not constitute a violation of financial secrecy obligations. FTIs and financial institutions interested in obtaining access to such information will need the prior authorisation of their corresponding supervisory commissions.

Fund managers are regulated and supervised. There are basically two types, investment funds and pension funds, both of which are heavily regulated – their administrators require specific authorisations from the CNBV in the case of investment funds and from the National Commission of the Pension Fund System. The types of assets in which they may invest and the transactions which they may enter into are limited to those expressly permitted by the applicable regulation.

According to Mexican regulations, fund advisers may not impose conditions to the funds in terms that differ from the regulation. Generally, regulations impose rules on compliance with contractual terms, protection of the clients, compliance with investment rules and other applicable rules.

Fund managers are required to comply with anti-money laundering and know-your-customer rules. Such rules include reporting obligations in connection with suspicious and unusual transactions.

Although the Mexican FinTech Law includes provisions for the establishment of trading platforms for cryptocurrencies, the relevant regulations have not been issued by Banco de Mexico as of 28 February 2019. These will be different from the existing securities and derivatives trading platforms and exchanges.

The regulatory regimes applicable to the different crypto-currencies would depend on the regulations to be issued.

Banco de México has yet to issue regulations with respect to this matter. As of 28  February 2019, no such regulations have been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 2019, no such regulations have been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 2019, no such regulations have been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 2019, no such regulations have not been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 2019, no such regulations have been published.

Banco de México has yet to issue regulations with respect to this matter. As of 28 February 28 2019, no such regulations have been published.

Although there are no specific rules regarding high-frequency and algorithmic trading, rules issued by the CNBV allow Mexican broker dealers to permit certain sophisticated clients to transfer orders directly to the securities market using electronic communications. These clients include Mexican and foreign institutional investors, Mexican and foreign financial institutions, and issuers with securities registered in Mexico. These clients may use high-frequency and algorithmic trading using such electronic services.

Such participants are not subject to regulatory regimes.

Such players are not required to register as market-makers.

The transactions entered in terms described above in 8.1 Creation and Usage Regulations are not subject to best-execution rules.

The above-described rules apply to broker dealers. Funds have no specific rules regarding these types of trades.

There are no rules applicable to this point.

Mexican regulations do not require registration of financial research platforms.

The issue of spreading rumours or unverified information is not regulated in Mexico.

This question is not applicable under Mexican legislation.

This question is not applicable under Mexican legislation.

InsureTech is not regulated in Mexico.

Different types of insurance are not treated differently by industry participants and by regulators.

RegTech providers are not registered in Mexico.

These terms are negotiated on a case-by-case basis and mostly refer to terms and conditions of the service, client protection and confidentiality issues.

RegTech providers do not act as 'gatekeepers' under Mexican legislation.

Legacy players are well aware of the necessity to implement new technologies to create more transparent, safe and efficient procedures. For example, Santander Mexico announced, some months ago, a USD750 million investment to develop blockchain technologies that will strengthen security and integrate crypto-currency exchange into the financial system. Other bank institutions, such as Citibanamex and Scotiabank Mexico, have indicated that their investments are focused on the technology sector in order to offer new digital products and services to their customers.

The Mexican FinTech Regulation that has been published so far does not set forth the rules for the use of blockchain but it recognises the crypto-currencies as virtual assets. It is important to mention that, pursuant to the Mexican FinTech Law, FTIs will only be able to operate with virtual assets to be determined by the Mexican Central Bank through certain general provisions which shall be published before 10 March 2019. Under such general provisions, the Mexican Central Bank will establish the terms and conditions that FTIs shall observe for transactions with virtual assets.

As mentioned before, currently blockchain assets are not particularly regulated in Mexico. However, if we consider that a virtual asset, such as the bitcoin, may be a blockchain asset, then we can say that the general rules to operate with virtual assets are established in the Mexican FinTech Law. Pursuant to such law, a virtual asset is considered to be a value representation registered electronically and used by the public as a mean of payment for all types of legal acts and whose transfer can only be performed through electronic means.

Issuers of blockchain assets are not regulated by the Mexican FinTech Law. However, as described above, the Mexican Central Bank has yet to define the conditions and restrictions of the transactions and other acts that may be performed with virtual assets.

As mentioned before, under the Mexican FinTech Law, virtual assets operators should receive an authorisation from the CNBV to act as an FTI and keep their transactions transparent and audited. An additional authorisation from the Mexican Central Bank will also be required to perform transactions with virtual assets.        

No regulation has been enacted in Mexico in connection with peer-to-peer trading of blockchain assets.

There is no particular regulation for funds that invest in blockchain assets, but FTIs are obliged to elaborate and implement a policy for the identification of their clients in terms of the Anti-Money Laundering Provisions. In other words, FTIs are required to integrate a file for each of their clients at the time of signing contracts, providing services and carrying out transactions in order to fully identify them.

Please refer to 12.2 Local Regulators' Approach to Blockchain and 12.4 Regulation of 'Issuers' of Blockchain Assets, above.

In accordance with Article 58 of the Mexican FinTech Law, the FTIs shall implement measures for the adequate knowledge of their clients and for such purposes the FTIs will consider the antecedents, specific conditions, economic or professional activity and the geographical areas in which they operate. The information collected by FTIs shall be used and kept for as long as it is necessary to comply with the purpose for which it was collected and in accordance with the requirements of applicable laws and regulations, including those set forth by the Mexican Federal Law on the Protection of Personal Data in the Possession of Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares).

The Mexican FinTech Law indicates that the financial institutions, money transmitters, credit information entities, clearing houses, FTIs and companies authorised to operate with novel models must establish standardised application programming interfaces (APIs) to enable connectivity and access from other interfaces developed or managed by those entities and third parties specialised in information technology in order to share certain type of information, as described below.

To access information through standardised APIs, prior authorisation from the Supervisory Commission or the Mexican Central Bank, as applicable, is required. The Mexican FinTech Law classifies the information that can be shared among the above-mentioned entities as the following types of information: (i) open financial data, (ii) aggregated data, and (iii) transactional data.

The open financial data consist of data that does not contain confidential information, such as information related to products and services offered to the public, location of offices and branches, points of access to products and services. Aggregated data consist of statistical information related to operations carried out by or through the aforementioned entities, without containing a level of disaggregation that would allow the identification of personal transactions or information. Transactional data includes information related to the use of a product or service, including deposit accounts, credits and withdrawal means contracted on behalf of clients of the above-mentioned entities, among other information related to the transactions made by clients or that clients attempted to perform in their financial infrastructure. The aggregated data can only be accessed by the entities that have the authentication mechanisms set forth by the Supervisory Commissions or the Bank of Mexico, as applicable. Transactional data can only be shared with the prior authorisation of clients.

Ritch, Mueller, Heather y Nicolau, S.C.

Av. Pedregal No. 24 10th floor
Molino del Rey,
Mexico City,
Mexico

+52 55 9178 7000

pperezalonso@ritch.com.mx www.ritch.com.mx
Author Business Card

Trends and Developments


Author



Creel, García-Cuéllar, Aiza y Enríquez, S.C. has deep knowledge of all legal aspects of financial technology matters in Mexico, including the newly issued FinTech legislation about crowdfunding, peer-to-peer, e-wallets, payments, open banking, virtual assets and regulatory sandbox, but also financial regulation applicable to the use of digital channels by financial entities, means of disposition, online lending, money transmitters, and the use of technology in financial services in general. Recent work includes: advising PayPal Mexico in regulatory matters related to withdrawal methods networks, tax advisory and consumer protection; advising Emergent Payments in regulatory matters related to payment processing solutions in Mexico and in the use of its crypto asset GCoin; and advising stREITwise in Mexican regulation matters related to fund-raising through crowdfunding in accordance with United States Regulation A (Reg A+); advising IBM during the execution and implementation of technology services agreements with financial entities. Apart from the FinTech sector, Creel helps clients with all their legal needs in Mexico, ranging from incorporation of companies and capital raising, to tax issues, M&A, anti-money laundering and IT registration, antitrust and competition, TMT and intellectual property.

The New Path Ahead for FinTech in Mexico

In 2018, Mexico became one of the first countries to have a FinTech Law (Ley para Regular las Instituciones de Tecnología Financiera). While the path to reach that important milestone was not without its setbacks, the existence of this legislation is widely regarded as a bold step by the Mexican government towards the digitalisation and innovation of financial services. In addition, the FinTech Law has drawn attention to the potential of the Mexican market for digital financial services.

Mexico presents great potential for financial services due to the need to increase financial inclusion. According to the latest Financial Inclusion Report 9 (Repote Nacional de Inclusión Financiera 9) published by the National Financial Inclusion Board (Consejo Nacional de Inclusión Financiera), while there has been an increase in all the financial inclusion metrics (deposit products per adult, credit product per adult, etc), Mexico still lags behind many Latin-American countries, such as Chile, Argentina, Peru and Colombia. The potential for new ways to render financial services, especially digitally, is evident and many entrepreneurs are eager to grab this low-hanging fruit.

Mexico currently has one of the most solid and well-capitalised banking sectors in emerging markets. However, there is still a long way to travel in order to reach the full potential of Mexico in the use of financial services. FinTech companies represent a new player in that market that can create a competition that is destined to result in better offerings for financial services users.

Looking forward, there are different challenges for entities looking to innovate in the provision of financial services. First, the adoption of the provisions of the FinTech Law by the different entities and activities covered by it (peer-to-peer and crowdfunding, payments and wallets, crypto-currencies and open banking), which were sectors that were not particularly regulated up until the legislation was issued. Second, the proliferation in the use of digital solutions to provide other financial services, which could include: payments (aggregators and other card payment services companies); money transmitters, personal loans, insurance, wealth management, investments, etc. Third, new risks and areas of attention derived from the use of technology, like the use of biometrics, identity theft, anti-money laundering and terrorism financing (AML) regulations, among others. 

Adoption of FinTech Law

On the adoption of the FinTech Law, it is important to understand the purpose of the law. It tries to balance several concepts that at times can be opposite: on the one hand it promotes financial inclusion, innovation and competition to traditional financial institutions – but, on the other hand, it seeks to set a framework for supervision and stability of FinTech companies. In light of that, one important issue to keep in mind is that the FinTech Law treats financial technology companies (instituciones de tecnología financiera - ie, crowdfunders and wallets) as 'financial entities' with a material use of technology, and not as technology companies that engage in financial services. This distinction is relevant because it implies that financial technology companies are subject to the same amount of regulation and supervision as any other financial entity (ie, banks, broker-dealers, etc). This approach is aimed at providing certainty to users and preventing instability and excessive risk-taking practices, but results in a regulatory burden that might prove to be too much for start-ups to bear.

Currently, most financial technology companies are facing the challenge of adopting the new regulation as all those companies that were operating before 10 March 2018 have a September 2019 deadline to file their application to be licensed by the Mexican Banking and Securities Commission (Comisión Nacional Bancaria y de Valores – CNBV). This challenge (and FinTech entrepreneurs’ inherently innovative mentality) are causing companies to look for creative and innovative ways to meet the high regulatory standards and, in some cases, to look for different ways to continue to develop their business in ways that are compliant with Mexican laws, but that allow them to be outside of the scope of the FinTech Law.

There is still an important round of regulation that needs to be issued on March 2019 (authorisation of third-party providers, regulatory reports, use of digital means to acquire financial services, authorised virtual assets, cybersecurity, among others) and March 2020 (liquidity requirements and open banking), pursuant to the FinTech Law. Some of the regulations could define the path forward of the whole sector, since regulatory requirements could prove to be too much of a burden to start-ups, while a very lax approach could put the stability of the sector in jeopardy.

Also, this new round of regulations could serve to tune-up some of the prior regulations that have proven to be a roadblock in the authorisation process of some of the new Financial Technology Companies: for example, the amount of information that is requested from shareholders of the companies requires a disclosure that is not common to venture capital and private equity funds, which could result in some of those international funds restricting their investments in Mexican FinTech start-ups.

However, other regulations that will be issued in the following months, mainly open banking regulation, could aid in the efforts to expand financial inclusion and competition in the financial services space. Well-regulated open banking could result in the proliferation of client-oriented financial services that allow clients to compare and choose financial services or to have all of its financial information in a single platform, improving the user experience (aka, UX) and promoting the use of several financial products.

Another topic that has generated many discussions among regulators, market participants and users is virtual assets (ie, crypto-currencies). There are a lot of expectations about how virtual assets regulation will shaped by Mexico’s Central Bank (Banco de México – Banxico), as there seems to be a change of policy from the time the FinTech Law was issued to current dates. The FinTech Law granted broad authority to Banxico to regulate crypto-currency exchanges and to authorise those virtual assets that would be eligible for use by authorised financial technology companies and banks; however, to date there has not been an official positioning by Banxico on which virtual assets will be authorised (if any) or how services related to such assets, like custody and trading, will be regulated.

Other FinTech activities

As mentioned above, FinTech is not limited to those areas regulated by the FinTech Law. Moreover, there are several activities that fall under the scope of other financial laws and regulations or general commercial laws in Mexico. The degree of innovation that has been experienced in areas such as personal loans, credit and debit card payments, money transmitters, personal finance, is certainly a cause for celebration. For example, amendments to means of disposition networks enacted in 2014, which introduced principles of no discrimination and transparency, have helped boost the digitalisation of the Mexican retail economy, expanding the use of credit and debit cards instead of cash. According to the Financial Inclusion Report 9, the number of point of sale terminals (aka, POS) has almost doubled from 2013 to 2017.

However, many financial activities have faced the challenge of regulation thought for traditional distribution, which has become a setback for the digitalisation of areas like wealth management, trading and credit. Current AML regulations require in-person interviews for clients of almost every level of accounts, which has made remote onboarding of clients difficult and, in some cases, makes digital models non-viable. In this respect, in December 2018 the Ministry of Finance and Public Credit (Secretaría de Hacienda y Crédito Público) issued drafts of AML regulations for, among others, banks, broker-dealers, mutual fund managers and distributors, non-bank banks (sociedades financieras de objeto múltiple), money transmitters and credit unions to allow for digital on-boarding of clients, which could result in the proliferation of online and app-oriented entities rendering all the services related to such financial entities. This new regulation will allow for fully digital origination of several types of financial transactions of up to 60,000 investment units (approximately USD19,500), including brokerage accounts, mutual fund accounts, personal loans, credit cards, among others. This regulation is expected to enter into effect in January or February. 

New challenges

The increasing use of digital means to render financial services creates a new set of risks and focus areas for financial entities. Issues such as cybersecurity, data privacy, technological risk, business continuity plan, among others, will take a predominant role in the regulator’s supervision, in order to insure that the use of technology does not affect the stability of the financial sector or affect the funds of clients.

In addition, while the changes to AML regulation could appear to be a softening of the regulation, Mexico’s new administration has been very vocal about their focus on preventing money laundering. It is safe to expect that this approach will result in strengthened supervision of the compliance with AML regulations for financial entities and for other entities engaged in vulnerable activities which are not financial entities.

Another important challenge that will be faced by FinTech companies and financial entities alike is the adoption of biometrics in financial and commercial transactions. While banking regulation is at the forefront of financial regulation in Mexico with respect to the use of biometrics and identity theft-prevention, the validity of transactions authorised, or commercial acts executed through technologies like face recognition, retinal scan or fingerprint scan has yet to be contested in courts. Moreover, while the Commerce Code recognises the use of digital signatures, many commercial or financial acts, especially for credit transactions (ie, formalities of promissory notes) and creation of collateral, may not be compatible with new technologies. However, as the use of digital signatures and biometrics spreads in the new era of FinTech, Mexican courts will have to reach an understanding of such technologies and recognise their validity.

Regulatory sandbox

The FinTech Law introduces the concept of a regulatory sandbox (modelos novedosos), which consists of a temporary authorisation to provide financial services in an innovative way, without going through the whole licensing process. It is like launching a financial service in 'beta stage' to determine whether it would be successful or not, prior to incurring in material investments. The FinTech Law and the draft of regulation include general requirements for a project to be eligible for the regulatory sandbox, such as having a limited number of clients in a controlled environment; the key issue will be the determination of what will be considered as using tools or technologies to render financial services with different forms than those available in the market. In jurisdictions such as the UK or Malaysia, the regulatory sandbox has proven to be a very potent tool to promote innovation and has allowed highly innovative models to become a reality. Hopefully, the regulatory sandbox in Mexico has a similar effect that can help solve the lack of financial inclusion in several areas of the country.

Conclusion

The FinTech Law certainly sets a benchmark for Latin-American countries with respect to the approach to new technologies in financial services. Furthermore, recent regulatory changes to AML regulation also set the ground for an increase in the use of digital platforms to provide financial services, all of which will require a deep understanding of the regulatory framework and compliance culture that will be no minor task for technology enthusiasts.

While stability is key to the development of any industry, an excess of regulation could prevent entrepreneurs and start-ups from reaching their full potential and bringing financial services to the general population. A balance must be found by regulators and market participants to promote the use of technologies and achieve the digitalisation of the Mexican economy.

The new regulatory environment presents a great challenge for attorneys, as we will be constantly put to a test to come up with new legal solutions to our innovative clients' endeavours to develop a new industry.

Creel García-Cuéllar Aiza y Enríquez, S.C.

Torre Virreyes Pedregal No 24,
Piso 24 Col. Molino del Rey,
Ciudad de México
11040

+52 (55) 4748 0600

eduardo.flores@creel.mx www.creel.mx
Author Business Card

Law and Practice

Authors



Ritch, Mueller, Heather y Nicolau, S.C. has 20 partners and 106 lawyers, who between them speak English, French, German and Spanish. Their key practice areas are capital markets, banking and finance, financial Institutions, corporate governance and compliance. The firm is assisting several Fintech entities in their authorisation processes with the CNBV.

Trends and Development

Author



Creel, García-Cuéllar, Aiza y Enríquez, S.C. has deep knowledge of all legal aspects of financial technology matters in Mexico, including the newly issued FinTech legislation about crowdfunding, peer-to-peer, e-wallets, payments, open banking, virtual assets and regulatory sandbox, but also financial regulation applicable to the use of digital channels by financial entities, means of disposition, online lending, money transmitters, and the use of technology in financial services in general. Recent work includes: advising PayPal Mexico in regulatory matters related to withdrawal methods networks, tax advisory and consumer protection; advising Emergent Payments in regulatory matters related to payment processing solutions in Mexico and in the use of its crypto asset GCoin; and advising stREITwise in Mexican regulation matters related to fund-raising through crowdfunding in accordance with United States Regulation A (Reg A+); advising IBM during the execution and implementation of technology services agreements with financial entities. Apart from the FinTech sector, Creel helps clients with all their legal needs in Mexico, ranging from incorporation of companies and capital raising, to tax issues, M&A, anti-money laundering and IT registration, antitrust and competition, TMT and intellectual property.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.