Fintech 2026

MEXICO Law and Practice Contributed by: Lizette Neme, Andrea López-Malo, Shannon Reilly, Rodolfo Flores and Dunia Salum, Áurea Partners

11.2 Concerns Raised by Open Banking

In Mexico, banks and technology providers address data privacy and security concerns raised by open banking primarily through adherence to the applicable regulatory framework, secrecy, customer consent, and mandatory internal control measures. Under the Fintech Law, financial entities must operate within the scope of their CNBV authorisation and implement policies and systems to ensure confidentiality, integrity, and availability of customer information, including secure technological infrastructure, information security controls, and fraud and cyber-risk prevention measures. In addition, the applicable financial laws require financial institutions to maintain the privacy and confidentiality of customer data, mandating the use of strong encryption methods for data transmission between financial institutions. At the same time, the Mexican Data Protection Law requires any organisation, including banks and technology providers, to implement data protection measures to ensure that personal information is handled properly and securely.

12. Fraud

12.1 Elements of Fraud

Fraud is regulated through a combination of criminal law, financial regulations and sector-specific rules.

• Criminal law: the Federal Criminal Code classifies fraud as a criminal offence; it includes obtaining money, goods, or services through deception, trickery or misrepresentation. The penalty depends on the amount defrauded, along with fines and restitution.
• Financial and banking regulations govern misconduct within their respective sectors, including unauthorised transactions, investment fraud, virtual asset-related misconduct, and insurance fraud. Violations may lead to administrative sanctions and criminal prosecution.

In July 2024, the CNBV introduced new regulations aimed at enhancing fraud prevention within banking institutions. These rules are designed to strengthen banks’ internal control frameworks to more effectively detect and prevent fraudulent activities. This includes

• when NFTs grant economic or profit-sharing rights or are marketed as investment products (potentially classifying them as securities);
• when transactions rely on virtual assets or payment system infrastructure subject to central bank oversight; or
• when platforms offer services to the public and commercialise digital content, thereby activating consumer protection and intellectual property obligations.

10.13 Stablecoins

Stablecoins are not expressly regulated as a standalone asset in Mexico. The Fintech Law’s definition of “virtual assets” excludes assets denominated in legal tender or foreign currency, so fiat-backed stablecoins do not fall within that category. However, the regulators’ position is that when stablecoins are issued in exchange for fiat money, they may be treated as deposit-taking, an activity reserved for regulated financial institutions. As a result, their public issuance or offering generally requires authorisation, and there is no specific regime governing reserves or redemption mechanics for stablecoins as such.

11. Open Banking

11.1 Regulation of Open Banking

The Fintech Law established Mexico as a pioneer by mandating an open finance model, which is broader than “Open Banking” because it requires data sharing across the entire financial ecosystem. Under Article 76 of the Fintech Law, all financial entities are obligated to share three types of data via standardised APIs: (i) open data (products and locations), (ii) aggregated data (statistical), and (iii) transactional data (individual customer history). However, full implementation has stalled because the CNBV and Banxico have yet to issue the necessary secondary regulations for the most critical categories. As of January 2026, the only fully operational rules apply to open data regarding ATM locations and basic branch services.
