The Mexican Federation's Official Gazette published several general provisions on September 10 that concern Fintech entities (FTEs) in compliance with the stipulations in the Law to regulate Fintech Entities (the Fintech Law)* passed in March:

Provisions in article 58

The general provisions covered in article 58 of the Fintech law create the regulatory framework for preventing transactions using the proceeds of crime and avoid the financing of terrorism. Minimum procedures are set in place that FTEs must observe to prevent their being used as vehicles to commit these felonies and to stop improper use of the financial system through the new services available to the public thanks to innovations in technology.

The highlights of the article are as follows:

• Risk-based approach and due diligence on the client

FTEs must design and implement the methodology they need to assess the risks to which they are exposed. To conduct transactions with their clients FTEs must fill out an individual file containing relevant information about what the client type, for which entities must draw up a client identification policy. They must establish the client's transactional profile (Know Your Customer policy, KYC) and classify the client into one of the three categories set out in the law: low, medium or high risk.

• Internal structures

The regulations require FTEs to have a Communications & Monitoring Committee which will submit the results of implementing the risk assessment methodology to the Board of Directors and set the criteria for classifying clients depending on their risk profile. The law stipulates the creation of the position of Compliance Officer, an employee who must have been awarded the requisite certificate from the National Banking & Securities Commission and who will draw up the Compliance manual, which will outline in detail the entity's identification and KYC policies.

• Regular reporting

FTEs must send regular reports to the governmental Secretariat via their Communications & Monitoring Committee. There must be reports on Significant Transactions, Unusual Transactions and Worrying Internal Transactions; reports on transactions in foreign currency above USD 500; reports on international transfers for sums above USD 1,000; and reports on Transactions with virtual assets.

Provisions applying to transactions using electronic payment fund entities

These provisions, approved in Circular 12/2018, regulate transactions in local and foreign currency, direct debit, cross-border transactions and instances of card theft or loss.

General provisions applicable to FTEs

These provisions are applicable to all kinds of FTEs, both crowdfunding entities and electronic payment services, and contain 8 appendices with templates for the collection of biographical information about the individuals being nominated for directorships and for setting accounting criteria, among others.

The most important points are the following:

• Requests for authorization to operate as Fintechs

The provisions require greater formal requirements: together with the request for authorization to operate as a Fintech, the applicant must also submit a business plan, a financial viability study and information about its risk management, among others. Furthermore, the CNBV's authorization is needed for certain transactions such as making transfers, whether in local or foreign currency.

• Minimum capital to operate as a Fintech

They establish the minimum capital needed to operate as a Fintech: this is the equivalent in local currency of 500,000 Investment Units (UDIs), when the Fintech has been authorized only to make one type of transaction in local currency; and the equivalent of 700,000 UDIs, if the Fintech is allowed to make two or more types of transactions, or if the transactions are conducted in virtual assets.