Industry

KYC requirements and regulations in Mexico: A comprehensive guide

KYC procedures in Mexico keep evolving to meet stringent regulatory requirements. Learn more.

An icon of a globe, it represents global KYC.
Last updated:
3/18/2024
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • Mexico is a member of the Financial Action Task Force (FATF) and has designed its Know Your Customer (KYC) requirements around the organization’s recommendations.
  • KYC and anti-money laundering (AML) compliance in Mexico is regulated by the Comisión Nacional Bancaria y de Valores (CNBV) and other government agencies.
  • Financial institutions in Mexico are required to collect and verify an individual’s name, date of birth, address, and nationality before allowing them to open an account. 
  • A wide range of other businesses offering “vulnerable activities” must also comply with KYC requirements under Mexico’s AML law.

The fight against money laundering has long been a challenging one for authorities in Mexico, who have struggled to prevent crime syndicates and cartels from using the country’s financial system to wash their illicit funds. 

In recent years, there has been a concerted effort to align Mexico’s anti-money laundering (AML) requirements with the Financial Action Task Force’s (FATF) recommendations and international standards. Naturally, this has resulted in modernizing and updating the nation’s Know Your Customer (KYC) regulations.

Below, we discuss the importance of KYC in Mexico and take a closer look at the country’s KYC laws and requirements. We also outline key considerations for implementing a KYC program that are compliant with Mexican law and answer other commonly asked questions. 

What is KYC?

KYC stands for Know Your Customer and refers to the actions businesses take to ensure their customers are who they claim to be. Most countries’ anti-money laundering (AML) regulations include KYC requirements.

Generally, KYC consists of three key components: identity verification (IDV), customer due diligence (CDD), and transaction monitoring.

Mexico, like many countries, shapes its AML and KYC requirements around the FATF’s 40 recommendations. Given the country’s unique challenges, which we speak about below, there are nuances specific to Mexico that are helpful to understand when designing a KYC/AML strategy. 

Importance of KYC in Mexico

Fighting money laundering

According to a 2021 report by the U.S. Department of State, “Illicit actors launder billions of dollars of drug trafficking proceeds through the Mexican financial system annually. Corruption, bulk cash smuggling, extortion, fuel theft, fraud, human smuggling, and trafficking in persons and firearms serve as sources of additional funds laundered through Mexico.” Using KYC to catch money launderers has the potential to stem a wider range of criminal activities.  

KYC requirements help combat money laundering in a number of ways. To understand how, it’s helpful to take a look at the three prongs of a comprehensive KYC program:

  • Identity verification: Verifying a customer’s identity upon account creation makes it more difficult for criminals to open fraudulent or shell accounts. When legitimate IDs are used, a paper trail is created and can be used by regulators for audits and investigations. The information collected during IDV can also be used to identify suspiciously linked accounts in the future through link analysis, a data science technique used to uncover fraud rings and bad actors. 
  • Customer due diligence: CDD reviews help fill in a customer’s risk profile, including how likely they are to engage in money laundering. Those deemed to carry more risk may be subject to heightened scrutiny or denied services outright. 
  • Transaction monitoring: Per the U.S. Department of State report, structured cash deposits are a key way that criminals introduce illicit funds into Mexico’s financial system. Monitoring customer transactions remains one of the most efficient means of identifying this and other suspicious activity.

Increasing financial access

According to the 2021 National Survey of Financial Inclusion, only 49% of adults in Mexico have a bank account, and even fewer (33%) have access to a credit card. 

While there are many contributing factors, a major one is distance. Many of Mexico’s unbanked population live in remote or rural regions, where in-person banking is challenging. 

Electronic KYC (eKYC) is increasingly making it possible for financial institutions to comply with AML regulations while concurrently enabling more of Mexico’s population to participate in the country’s financial system via online banking and other applications. 

KYC regulators in Mexico

In Mexico, AML and KYC compliance are supervised and regulated by a number of different government agencies, depending on the nature of the business. 

Designated Non-Financial Businesses and Professions (DNFBPs) — nonfinancial businesses deemed to be susceptible to money laundering due to the nature of their business and transactions — are regulated by the Tax Administration Service (Servicio de Administración Tributaria (SAT)). In Mexico, trust services are the only DNFBP for which AML measures apply

Retirement fund managers are regulated by the National Commission of the Retirement Savings System (Comisión Nacional del Sistema de Ahorro para el Retiro (CONSAR)).

Bond institutions, surety institutions, and mutual surety companies are regulated by the National Insurance and Bond Commission (Comisión Nacional de Seguros y Fianzas (CNSF)).

All other financial institutions in Mexico fall under the purview of the National Banking and Securities Commission (Comisión Nacional Bancaria y de Valores (CNBV)). This includes, but is not limited to:

  • Commercial banks
  • Development banks
  • Brokerage firms
  • Investment fund operators (SOFI)
  • Investment advisors
  • People's finance corporations (SOFIPOS)
  • Community finance corporations (SOFICO)
  • Savings and loan corporate societies (SOCAPS)
  • Credit unions
  • Exchange houses and centers
  • General warehouse companies
  • Money remittance service providers

In order to better understand Mexico’s KYC requirements, let’s take a look at the laws and memberships that influence them.

Mexico’s KYC and AML laws

Mexico's AML law — the Federal Law for the Prevention and Identification of Transactions with Resources of Illicit Origin — was passed in 2012 and went into effect in 2013. It applies to individuals and businesses in Mexico, as well as foreign businesses that operate branches or subsidiaries in the country. 

Interestingly, the law lists 15 “vulnerable activities,” in addition to financial services, to which the tenets of the law apply. These include: 

  1. Gambling games, contests, or sweepstakes. 
  2. Services cards or credit (including prepaid cards).
  3. Traveler's checks.
  4. Operations by mutual, guarantee, credit, or loan. 
  5. Construction services and the development of real estate.
  6. Marketing or brokering of precious metals, gems, and watches. 
  7. Auctions or marketing of works of art.
  8. Marketing of new or pre-owned vehicles. 
  9. Armored delivery services using new or used vehicles. 
  10. Relocation services or custody of money or securities. 
  11. Professional independent services related to buying, selling, advising, or otherwise managing a business or assets. 
  12. Notaries and messengers. 
  13. Receipt of donations by associations or nonprofit corporations. 
  14. Foreign trade services. 
  15. Use or enjoyment of real estate. 

Each of these services is subject to its own transaction limit under the law. If a company offers these services to customers and the transaction meets the limit, it triggers the need for KYC, beneficial ownership checks and verification, record keeping, and reporting. 

The law was amended in 2018 to add services related to digital assets and cryptocurrencies. This makes cryptocurrency exchanges, digital wallet providers, and other crypto service-related businesses subject to Mexico’s AML and KYC requirements. 

Additionally, the Law to Regulate Financial Technology Institutions (also known as the Fintech Law) was passed in 2018 and officially made fintech companies subject to AML and KYC compliance.

Free ebook
Get Persona's guide to global identity verification

Mexico’s KYC requirements 

Under Mexico’s AML law, financial institutions and any other business offering vulnerable activities to customers must comply with the law’s KYC requirements.

For individuals

Before providing regulated services to a customer, businesses must first verify the identity of any individual seeking to open an account. At a minimum, this includes collecting and verifying the following information:

  • Name
  • Date of birth
  • Nationality
  • Residential address
  • Taxpayer registration code (RFC)
  • Telephone number
  • Email address

Verification typically involves a combination of government ID verification (driver’s license, passport, residency card, visa, etc.) and document verification (proof of address, visa, taxpayer identification number), and a minimum of two identification documents must be collected. Likewise, database verification can be used to screen individuals against politically exposed persons (PEPs) and sanctions lists. 

When a customer is onboarded digitally for certain types of accounts, banks are required to perform a video interview (video KYC) to ensure that the individual opening the account matches the face appearing on the uploaded ID document. 

As of 2017, biometric verification is also required whenever an individual seeks to open an account with a bank or credit institution. In these instances, the institution is required to collect an applicant’s fingerprints and verify them against those contained within the National Electoral Institute’s (INE) records. In order to mitigate the risk of identity theft, any time a customer attempts to complete a withdrawal or transfer of at least 1,500 investment units (frequently abbreviated as UDIs and created in response to 1995’s Mexican Peso Crisis), their fingerprints must be collected and reverified. 

In cases where an individual is not registered to vote (and therefore does not have their fingerprints on file), a different government ID verification, document verification, and video verification will suffice. 

For corporations

When the customer is a corporation or organization, the following information must be collected and verified:

  • Corporate name
  • Nationality
  • Taxpayer registration code (RFC)
  • Serial number of advanced electronic signature
  • Address
  • Telephone number
  • Date of formation
  • Email address

Beneficial owners must also be identified and verified according to the process above. 

Automated KYC for businesses with Persona

Building a KYC program that is compliant with Mexico’s AML laws and regulations is paramount for any financial institution seeking to do business in the country. Persona’s flexible and customizable identity solutions are designed to empower you to build the KYC program that you need — regardless of jurisdiction. 

With Verifications, you can incorporate a number of methods into your strategy:

  • Government ID verification: Decide which IDs you’ll accept for IDV, including drivers licenses, passports, temporary or permanent residence cards, and more.
  • Document verification: Determine the documents you’ll accept for address verification, such as a recent utility bill, legal proof, or other documents.
  • Selfie verification: Collect selfies for liveness detection during onboarding and reverification.

Further enrich your understanding of customer risk with Reports, which enables you to cross-check against PEP databases, sanctions lists, and watchlists. You can also conduct adverse media checks and phone/email risk checks. 

Take advantage of automation with Workflows to scale your verification strategy in a resource-efficient manner.

Use Graph, our link analysis tool, to understand how accounts are linked together via shared account details and transaction activity. Uncover risky account connections and potential fraud rings in a data-driven and automated manner. 

Interested in learning more? Learn how Brex uses Persona to complete identity verification and comply with KYC requirements in more than 100 different countries. Start for free or get a demo today.

Published on:
9/5/2023

Frequently asked questions

Who must comply with KYC requirements in Mexico?

Mexico’s anti-money laundering (AML) legislation requires that a wide range of businesses implement Know Your Customer (KYC) protocols. This includes financial institutions, insurers, bond commissions, and pension/retirement account management companies. 

Nonfinancial businesses that are deemed to carry a high risk of money laundering (Designated Non-Financial Businesses and Professions, or DNFBPs) are also required to perform KYC. This includes businesses that provide any of the 15 vulnerable activities discussed above.

Is Mexico a member of the FATF?

Mexico has been a member of the Financial Action Task Force (FATF) since 2000 and is in the process of strengthening its AML laws in order to comply with the organization’s 40 recommendations. 

Is Mexico compliant with the FATF’s 40 recommendations?

Per the FATF’s mutual evaluation report (MER) of Mexico, the country is now:

  • Fully compliant on 10 recommendations
  • Largely compliant on 22 recommendations
  • Partially compliant on 7 recommendations
  • Noncompliant on 1 recommendation

What requirements must a financial institution meet to receive National Banking and Securities Commission (CNBV) authorization?

In order to operate within the Mexican financial system, any business offering services regulated by the CNBV must first receive authorization. To gain authorization, a business must:

  • Be organized as a corporation (“sociedad anónima”), in accordance with Mexican legislation.
  • Have an address within national territory.
  • Present a proposal for articles of association and a general operating plan.
  • Affirm that it has the capital requirements.
  • Have the necessary infrastructure and internal controls.
  • Have an AML/CFT manual as well as an organization manual.
  • Have AML/CFT procedures in place, including a policy for collecting identification from and information about customers.

What is a Mexican unidad de inversión (UDI)?

A unidad de inversión (UDI) is a unit of value created by the Bank of Mexico in response to the 1994 Mexican economic crisis, which saw a spike in inflation caused by the rapid devaluation of the Mexican peso. UDIs are called investment units in English. 

At its creation, one UDI was equal to one peso. But because the value of a UDI is linked to the exchange rate of the peso, it fluctuates daily, allowing it to maintain its purchasing power despite inflation.

Continue reading

Continue reading

A comprehensive guide to KYC in Australia
Industry

A comprehensive guide to KYC in Australia

Non-compliance with KYC in Australia can lead to severe penalties and sanctions. Read how Persona helps businesses comply with identity requirements.

Know Your Customer (KYC) requirements & regulations in the UK
Industry

Know Your Customer (KYC) requirements & regulations in the UK

Learn about KYC requirements that exist for different industries in the UK.

Global KYC: A KYC breakdown by countries
Industry

Global KYC: A KYC breakdown by countries

Learn how KYC regulations differ by country.

Ready to get started?

Get in touch or start exploring Persona today.