This country-specific Q&A provides an overview of Fintech laws and regulations applicable in Mexico.
What are the sources of payments law in your jurisdiction?
While there is no single legislative framework which governs payments law in Mexico, its primary sources are: (i) the “Ley Monetaria de los Estados Unidos Mexicanos” ‘Mexican Monetary Law’ —which, inter alia, awards the status as legal tender to the Mexican “Peso” (MXN) and, therefore, requires paper money (or banknotes) and coins to be accepted as payment for all types of transaction (subject to limits, as regards coins),— (ii) the “Ley del Banco de México” ‘Mexican Central Bank Law’, (iii) the “Ley del Sistema de Pagos” ‘Payment Systems Law’ —which deals with both national currency foreign exchange transactions clearing and settlement and which, along with, along with “Mexican Central Bank Law”, establish the Banco de México ‘Mexican Central Bank’ as the statutory regulator of payment and settlement systems, while charging the central bank with the supervision and oversight of such systems, as well as with enforcement powers,— (iv) the “Ley del Mercado de Valores” ‘Securities Law’, (v) the “Ley Para La Transparencia Y Ordenamiento De Los Servicios Financieros” ‘Financial Services Ordering and Transparency Law’ and (vi) the related implementing regulations and directives.
Can payment services be provided by non-banks, and if so on what conditions?
Yes, payment services may be provided by non-banks. The main restriction concerning payment service providers (“PSPs”) has to do with the fact deposit taking is limited to either commercial or development banks; the enactment ‘Ley de Instituciones de Tecnología Financiera’ or ‘Financial Technology Institutions Law’ (the “Fintech Law”) resulted in the possibility of Fintech institutions (“FTIs”) and users of crowdfunders to receive money from the public. FTIs who receive money from the public must, nevertheless, receive the corresponding authorisation and meet with the restrictions and limits thereunder (and, importantly, under the “Mexican Central Bank Directive 12/2018, to electronic payment funds institutions concerning general provisions applicable to electronic payment funds institutions”). Under this exemption, e-money institutions may, for example, engage in the issuance and of e-money.
Non-deposit-taking PSPs face, in principle, less important restrictions (following a trend that, perhaps, initiated early on in 2006, when financial institutions different from banks were allowed to partake in the Interbank Electronic Payment System,) while in some cases requiring the prior authorisation Mexican Central Bank to operate as such (e.g., clearing and settlement companies); in any event, all PSPs are regulated, supervised and overseen by the Mexican Central Bank which is responsible for the proper functioning of payment systems.
Significantly, mobile operators, as well as other agents that bear relevance with respect to the infrastructure that accommodates payment services, have grown in importance. It is in this field that the Mexican Central Bank has fostered innovation and competition with a view to achieving greater financial inclusion and a much higher adoption of electronic payment systems (vid. Mexican Central Banks Directives 17/2010, 22/2012, 3/2012, 3/2013, concerning mobile payments, and Directive 3/2019, regarding CoDi or “cobro digital” ‘digital collection’ which is meant to enhance the aforementioned Interbank Electronic Payment System). Concerning points of sale infrastructure, we’d like to bring to your attention to payment gateways or payment aggregators PSPs, which are non-banks who have an agreement with an acquiring bank to provide card acceptance services and which are under the supervision of the “Comisión Nacional Bancaria y de Valores” the ‘National Banking and Securities Commission’ (hereinafter, the “CNBV”.)
What are the most popular payment methods and payment instruments in your jurisdiction?
Cash is still the most common payment method in Mexico for retail payments, owing to the fact financial inclusion has not yet reached acceptable levels —to put this in perspective, based on information of the CNBV, 78% of the adult population in Mexico is excluded from financial services— because of, inter alia, financial education and the inherent high costs or fraud risks of some of the non-cash payment alternatives (e.g. pre-authorised debits, cheques, payment cards, etc.); significant and inexpensive instruments have been developed recently, such as the Interbank Electronic Payment System or e-money ecosystems, the former of which is expected to be enhanced through the use of digital standardized requests to pay, e-money alternatives.
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
Open banking in Mexico is soon to become a reality following the enactment of the Fintech Law and will be implemented in Mexico through the Application Programming Interfaces (“APIs”), allowing financial institutions to exchange financial data of their clients through open programming interfaces, respecting privacy and confidentiality under the provisions of the “Ley Federal de Protección de Datos Personales en Posesión de los Particulares” ‘Federal Law for the Protection of Personal Data Held by Private Parties’ (the “Data Protection Law”).
In accordance with Article 76 of the Fintech Law, FTIs, clearing and settlement houses, traditional financial institutions, money transmitters and credit reporting companies must develop APIs allowing connectivity and access to other APIs. The effective use of APIs is, unfortunately, dependent upon the issuance of the secondary regulation which is, up to this date, lacking.
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
The Data Protection Law applies to private parties, whether individuals or private legal entities, that process personal data, with the exception of:
A. Credit reporting companies, and
B. Persons carrying out the collection and storage of personal data that is exclusively for personal use.
Therefore, the Data Protection Law and its regulations are undoubtedly applicable to financial services entities (including FTIs) in control of personal and financial data, same that must adhere to the principles of legality, consent, notice, quality, purpose, fidelity, proportionality and accountability enshrined in the Data Protection Law.
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
The issuance of the Fintech Law itself encouraged innovation; some of the new regulations issued by the financial regulators, especially those enacted by the Mexican Central Bank, instilled the use of innovative technology across different areas (see mobile payments reference in Q2 above). On the other end, a regulatory sandbox approach has been adopted under the Fintech Law and regulation; pursuant to this special regime, all entities intent on operating an “innovative model” —which, under the Fintech Law, is any model which uses tools or technological means for performing financial services with modalities different from those existing in the market—, including financial entities (insofar as the provisions governing them do not allow for the corresponding model,) must receive a temporary authorisation from the corresponding financial authority for them to be governed under a so-to-speak “lenient” legal regime. Unfortunately, the Fintech Law and regulations failed to include “minimum period” requirement concerning the authorisation, which is necessary for the entity requesting the authorisation to achieve sufficient results or have a performance that provides enough evidence to justify the inherent benefits of the proposed “innovative model”.
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
Yes. Imminent risk factors that have not yet been addressed by the Fintech Law and secondary provisions thereunder (the likelihood of the use of FTIs in money laundering, for instance, has already been addressed) and which may hinder the development of FTIs have to do, chiefly, with (i) significant entry barriers, (ii) the rapid evolution of technology vis-à-vis law, (iii) the shortcomings of a far from all-comprehensive and specific legislation; (iv) the potential abuse of customers by FTIs, etc.
What tax incentives exist in your jurisdiction to encourage fintech investment?
No special tax relief or incentives have been provided to further promote and develop Fintech investment in Mexico.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
In accordance with the “Report on Fintech in Latin America 2018: Growth and Consolidation” (IDB, 2018) the lending segment has been the main area attracting investment, with the real-state crowdfunding sub-segment and wealth management areas experiencing exponential growth; because of the novelty of the Fintech sector (and the relative lack of confidence of capital funds), most funding have taken place at a Series B or C levels, nevertheless the lending FTIKonfio platform Series B US$10 million funding is noteworthy as an exception to this situation.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
Mexico has become a suitable option for Fintech companies in the region for a number of reasons; in point of fact, the sector grew 16% last year. Such reasons include: (i) the competitive Fintech legal framework and the relevant secondary regulations; (ii) the potential reduced costs and savings in the country; (iii) the leniency of FTIs’ framework vis-à-vis banking and other financial institutions law; (iv) the exceptional robustness of foreign investment protections; (v) the strength of the banking sector and (vi) the competitiveness of Mexican “peso” against other emerging market economies’ currencies.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
Pursuant to Article 7 of the Federal Labour Law (“FLL”), foreign individuals are permitted to work in Mexico; it is important to stress out that Mexican citizen employees must amount, at least, to 90% of the working force.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
Yes; further to the above, under the FLL, foreign employees may be employed on a temporary basis if there are no Mexican employees available with the required skills in the understanding, however, Mexican employees must be trained to occupy permanently such position. To the extent the abovementioned ratio is not complied with, authorities may impose a fine. Please note that Mexican citizenship restrictions do not apply to chief executive officers, general managers or directors.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
In accordance with the ‘Ley de la Propiedad Industrial ‘Mexican Industrial Property Law’, invention, industrial designs, utility-models and processes are patentable. The titleholder of a patent (the assign or licensee thereof) holds the right to exploit such intellectual property. The right to secure a patent corresponds to the inventor or designer of the underlying property.
Any such patent will have a validity of 20 non-extendable years, starting from the date on which the filing for the patent took place (payment of an analysis fee is necessary); the registration of the utility models thereupon will be in effect for 10 non-extendable years, and the registration of the industrial designs will have a validity of 5 years. Computer programs are also subject to copyright registration. In addition to local provisions, Mexico is subject to the provisions of the Paris Convention for the Protection of Industrial Property and other relevant international treaties.
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
Cryptocurrencies were practically banned by the ‘Disposiciones de carácter general aplicables a las instituciones de crédito e instituciones de tecnología financiers en las operaciones que realicen con activos virtuales)’ ‘General provisions applicable to credit institutions and FTIs concerning transactions with underlying virtual asset transactions’, issued on March 8, 2019, which may, accordingly, be used by either financial institutions or FTIs subject to the authorisation Mexican Central Bank and in connection with their internal activities.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
See Q14 above; coin offerings are, therefore, forbidden in Mexico.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
Yes, there are initiatives to integrate blockchain-based technology with public in Mexico systems such as the electronic signature for tax purposes: this technology will allow for a more reliable authentication process. Another blockchain use we are aware has to do with the modernisation of the Public Registry of Commerce interface.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
Mexican financial institutions are not only at the forefront of the implementation of artificial intelligence, but a significant percentage of them are already in a process of digital transformation in order to streamline their processes. Other than these private developments, back in 2016, the RegTech for Regulators Accelerator “partnered with (…) authorities in (…) Mexico to develop tools and techniques for better market supervision and policy analysis” (Gurung and Perlman, 2018), an effort which led to the creation of an access-controlled data storage platform of the CNBV that automatically validates, analyses and reports data submitted by financial institutions in connection with AML requirements. We think regulation, as is (no specific AI law exists currently), will foster AI’s further use in the near future.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
Technology improvement has moved high in the agenda of insurance companies, particularly as regards digital sales. Nonetheless, the proportion of Insurtech FTIs seems yet to be rather low with respect to other sectors; in 2017, AIG Mexico launched, by way of example, ‘Seguro X Kilómetro’, a pay-as-you-drive insurance based 100% on telematics. Experts say however Insurtech will mature early in 2020.
Are there any areas of fintech that are particularly strong in your jurisdiction?
See Q 9 above, other than those (especially, the credit and financing segment) the payments and transactions, financial consulting and management services and the insurance sectors.
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
While open banking is encouraged, the secondary regulations have yet to remove the incentives against collaboration between FTIs and financial institutions (see Q4 above); it can be said that developments brought about by these phenomena are yet to be assessed or pondered.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Yes, “in 2017 BBVA Bancomer launched its open innovation program called Open Sandbox” (IDB, 2018); also in 2017 Santander Tap launched its “Santander Tap” pilot program. Many other financial institutions, such as Banorte, have followed this course with similar initiatives. Moreover, according to the “GFT Banking Expert Survey 2017”, 30% of the Mexican banks have a defined digital transformation strategy, while 50% have a digital transformation strategy being developed.
Are there any strong examples of disruption through fintech in your jurisdiction?
Absolutely, we strongly believe FTIs have contributed to the democratization of financial services in Mexico, a feature which resulted in the creation, for instance, of the “Asociación de Plataformas de Fondeo Colectivo” ‘Crowdfunding Platforms Association’ and of the Fintech Association (IDB, 2018). The issuance of the Fintech Law itself can be seen as a case for disruption in Mexico.
Particularly, the “Comisión Nacional del Sistema de Ahorro para el Retiro” ‘National Pension Savings System Commission’, enacted regulatory provisions which allow pension fund managers ‘administradoras de fondos para el retiro’ to explore and implement new mechanisms, guided by technology innovation, that serve best their customers and, moreover, opened a “sandbox” in March (2019) to FTIs within the pension system.