Mexico: Fintech In Mexico And The Scope Of Regulation

Last Updated: 3 September 2019
Article by Romina Fernández

The innovative aspects and the evolution of financial technologies have allowed for a strong positioning in the market, transforming the world and marking the beginning of a new era. The term 'Fintech' is lexically the union of the abbreviated words that make up the concept of 'Financial Technology', which refers to the interaction of financial systems and technology.

The widespread distrust emanating from the financial crisis of 2008 led to the development of financial alternatives that could meet the needs of consumers, alternatives which benefitted fully from the advent of new means of interacting and of carrying out recruitment, as well as of remunerating and investing. It can be argued that Fintech companies have emerged to fill gaps in traditional banking, doing away with the existing limitations on project, company or sector financing; making local and cross-border payments accessible; reducing the need for intermediaries, as well as increasing the monetary and administrative efficiency of financial transactions, among others.

Bowing to international trends for regulating the capture and investment of revenue through the use of technology, Mexico has been forced to legislate on financial services less rigidly, and in ways that are mindful of existing law. Although it responded later than other countries, Mexico currently has a track record of sector start-ups which have flourished and grown significantly.

Nonetheless, the rapid development of financial services provided by entities which essentially operated in a gray area between regulation and complete lack thereof motivated Mexican authorities to undertake the task of reviewing the activity of Fintech companies more closely. The need arose for appropriate regulation similar to working models in other countries that would marry Mexican financial legislation to the reality of financial technologies.

Consequently, the Financial Technology Institutions Law (forthwith referred to as the 'Law' or 'Fintech Law') was approved and published in the Federal Official Gazette on March 9 of this year. The objective of the Law is to group and regulate banking sector agents, entrepreneurs and private capital owners based on protecting inclusion and financial stability. Fintech Law also endeavours to prevent fraud, money laundering or mobile payments through the use of cryptocurrencies; it protects consumers and creates competition.

Issues with the Regulatory Framework in Mexico Prior to Fintech Law

The emergence and expansion rates of Unregulated Multiple Purpose Financial Companies (Sofom) and Popular Financial Companies (Sofipos), models under which many of the financial technology companies in Mexico operated, made the country the largest market in Latin America, with 140 financial services start-ups. The most common activities of Fintech companies are crowdfunding, loan services to small and medium enterprises, financial consulting, payments and remittances, management of personal and business finance, financial education and savings, markets and foreign currency exchange, and managing cryptocurrency, among others.

The main problem was the lack of regulation in matters of crowdfunding, deposits and payments, and currency exchange, which had never been contemplated under the Securities Market Law or the Credit Institutions Law, among others. Furthermore, the lack of supervision of financial services under the National Banking and Securities Commission ('CNBV'), and the insufficient consumer protection provided by the Commission for the Protection and Defence of Users of Financial Services ('CONDUSEF') or by the Federal Consumer Protection Office ('PROFECO') caused a great deal of concern for financial consumers.

Prior to Fintech Law, the only provisions in effect were those outlined in the legal framework for the regulation of electronic commerce. This legislation was however inadequate for covering the type of operations currently carried out in the Fintech sector; attempts were made rather unsuccessfully at interpreting existing law to respond to the needs of the sector. The overall lack of regulation generated significant legal uncertainty for the operation of Fintech start-ups in Mexico, reason for which the federal government was compelled to enact bespoke legislation. However, there are specific challenges inherent to Fintech Law that will be faced by financial technology institutions ('ITF'), difficulties that will probably favour entities in the financial sector.

The Regulated Fintech

The Law aims to regulate two types of ITF: (i) crowdfunding institutions and (ii) electronic payment fund institutions. It is also responsible for regulating virtual assets – securities not backed by a banking institution. The differentiation of regulated activities leaves out important areas such as credit risk, insurance activities (Insurtech), among others. The net result is regulation in the sector that is largely asymmetrical.

The first type of regulated ITF, crowdfunding, is defined by the Law as activities intended to establish connections amongst members of the general public, with the purpose of granting financing through operations carried out through computer applications, interface platforms, webpages or any other means of electronic or digital communication.

However, crowdfunding activities include five strands, out of which the Law focuses on regulating only three, (i) crowdfunding debt, in which financing is granted to applicants through resources from various investors; (ii) crowdfunding of capital, in which the investors acquire a specific participation share in the applicant entity and (iii) crowdfunding of co-ownership or royalties, in which an investor acquires an aliquot share or equity of the revenue, profit, royalties or losses on an applicant’s projects, as part of joint ventures or agreements. The remaining two types of crowdfunding (donation-based and reward-based) are not regulated, as they do not require a licence for carrying out essential activities.

Crowdfunding institutions must comply with obligations defined in Fintech Law, as applicable to various aspects of their operations. For example, their activities must be carried out in national currency, and they cannot issue statements of guaranteed return on investments.

Services offered by electronic payment institutions to the public include the issuance, administration, redemption and transmission of electronic payment funds through the same means available in the case of crowdfunding: computer applications, interface platforms, webpages or any other means of electronic or digital communication.

One common service provided by electronic payment institutions is the opening of funding accounts for customers, where the latter are able to make deposits in local or foreign currency, move certain virtual assets, issue electronic payment transfers, and transfer certain amounts, whether in national currency, foreign currency or virtual assets, if authorised by the Bank of Mexico. However, no interest, income or any other monetary benefit will be paid on the accumulated balance for such transactions, unless instructed by the Bank of Mexico. It should be noted that electronic payment institutions are permitted transactions with virtual assets and foreign currency for deposits and payments, while crowdfunding institutions may only carry out similar operations upon authorisation from the Bank of Mexico.

Both types of ITF require a licence to operate, and resources used by clients in operations with the ITF are not guaranteed by the federal government or state-level public administration.

Virtual Assets

According to Fintech Law, virtual assets are understood as the electronic representation of value which is used by members of the general public as payment for all type of legal transactions, where the transfer can be carried out solely by electronic means. While this definition clarifies that virtual assets be used as means of payment, nowadays some users are giving it a different use, for example that of storing value. Although the exchange of virtual assets generates interest on account of public demand, they are neither issued nor endorsed by the Bank of Mexico or any financial institution.

The Bank of Mexico is the entity tasked by the Law with determining: (i) the virtual assets with which it is permitted to operate, (ii) the type of operations to be carried out, (iii) the settlement of transactions resulting from the delivery to the client of an amount of virtual assets or the amount in national currency for a payment received for the sale of the same, and (iv) the characteristics, custody and control measures of the assets. The criteria employed by the Bank of Mexico for determining the type of virtual assets to be operated with include the use that the public will give them, the way other jurisdictions handle them, as well as additional regulation aimed at controlling the replication of asset units. However, the authority that the Bank of Mexico can exercise in issuing secondary provisions for recognising or determining the characteristics of virtual assets is highly discretionary. This regulatory flexibility casts a shadow of uncertainty on the effectiveness of the primary provisions of Fintech Law.

Although on one hand the Law clearly seeks to protect ITFs from money laundering or terrorism financing, it also aims to protect the consumer from fraud and the inappropriate use of personal data. It has attempted to achieve the latter by requiring the identifying of applicants and investors, and by regulating the delivery and reception of money on the consumer side. However, this protection has not been sufficient, since the law mandates that risks are fully borne by the customer.

Authorisation Procedure

Operating an ITF requires a licence that must be requested from the CNBV, licence which is discretionarily granted upon agreement within the Interinstitutional Committee. Additionally, the Bank of Mexico (BM) has the authority to recognise ITFs intending to carry out activities with virtual assets and foreign currency.

Nonetheless, legal entities seeking to obtain authorisation to become an ITF must previously be incorporated as Public Limited Companies, demonstrate domicile in national territory and have a fixed capital that is share-subscribed and payed out. ITFs may proceed to carry out activities once these requirements have been deemed fulfilled according to the general provisions issued by the CNBV for that purpose. For the moment, it is not possible to predict the criteria that the CNBV will use for determining said provisions; however, this discretionary power is not expected to dictate unattainable requirements that could limit competition, or, conversely, generate provisions so lax that they may destabilise the financial market.

The Operation of the ITF

ITFs must handle the limited monetary resources of their clients, or the funds which clients may have available, reserves which when received from or delivered to the consumer must come from or be deposited to accounts opened with financial entities. Exceptionally, the CNBV may authorise the receipt or transfer of amounts in cash, or the transfer of electronic funds from accounts opened with financial entities abroad. These limitations force the ITFs to document the monetary transactions made.

Likewise, resources received from clients must be kept identified by client and need to be segregated from the ITF’s own resources. To this end, ITFs are required to provide clients with account statements. On the other hand, financial statements issued by the ITF must be audited by an independent external auditor.

Oversight of ITFs

The CNBV is the financial authority tasked with supervising compliance on the part of the ITF. Likewise, the Bank of Mexico will act as the oversight body with respect to the provisions that emanate from it.

The Regulatory Sandbox

Authorisation under a sandbox model is required of companies interested in trialling innovative technological activities, or when providing financial services different from the existing and regulated ones. The authorisation that financial authorities issue for this purpose will be exceptional for these services, and time-bound to two years. The terms and conditions for the authorisation of the provision of the specified services is established therein, and in the eventuality of conflict between the authorised company and its client, the CONDUSEF will oversee dispute resolution.

Legal entities, financial entities and ITFs may request to operate under the sandbox model, although in the case of the latter two a shorter operating time is considered when the authorisation is granted. All three types of institutions are subject to supervision and will be required to report the number of clients they have had transactions with, the operations they have performed, and the risks that may have arisen, among other obligations.

Administrative and Criminal Sanctions

The imposition of sanctions for non-compliance with the Law or the conditions outlined in the authorisation to operate whether as an ITF, or in the sandbox model, is subject to administrative or criminal penalties.

Financial entities, innovation companies, ITFs and companies authorised to operate with sandbox models, as well as the members of the board of directors, general managers, executives, officials and employees, among other staff, may be sanctioned.

Fines vary in amount depending on the level of the administrative transgression, and criminal sanctions are proportional to the offense. It should be noted that one of the most severe sanctions mandates imprisonment for seven to fifteen years for carrying out activities without having the corresponding authorisation.

The Risks and Deficiencies Inherent in Fintech Law

Although there is evidence that the Law has sought to prevent illicit operations on the market, as well as to protect consumers in the transactions they undertake, there is a number of risks that have not been mitigated.

One of the risks concerns money laundering, where even though the Law establishes certain information exchange controls for preventing illicit activities, it does not stop related fraud or computer crime that may occur. Another risk of a fiscal nature that the Law does not contemplate relates to the exacting of tax for crowdfunding activities, or to consumer protection, as resources invested by customers are not guaranteed. Likewise, long-term risks are also possible, such as in monetary policy, which can be affected by the growth of the volume of credit in the absence interest rates referenced by a Central Bank. This can generate instability and distortions within the country’s monetary policy.


In principle, Fintech Law seeks to establish general principles, while secondary provisions aim to cover other areas not initially contemplated. While over-regulation has the tendency to limit entrepreneurship, the current Law, despite significant attempts at establishing a regulatory framework, leaves several areas which for the moment are inadequate, and that will need to be remedied. In addition, there is evidence in the text of the Law to contend that although it seeks to protect both the industry and the financial resources of customers, there is a certain inclination in favour of the traditional banking sector, which reflects the long-standing status quo privileges of the latter.

Mexico, as an emerging country in the Fintech sector, must be mindful of the progress of financial technology, and understand it is likely to be ahead of the Law. Regulators and supervisors must aim to be constantly up-to-date in order to meet the needs that accompany innovation in technology. Financial regulation needs to learn from and respond to the changes rippling through the market, even more so if the innovative projects proposed by some start-ups seek to correct the inefficiencies of traditional banking and add competition in the sector, favouring users.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
Related Articles
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions