MEXICO Law and Practice Contributed by: Pablo Perezalonso Eguía, Isabel Ortiz-Monasterio Borbolla and Alejandro Mosqueda Pérez, Ritch, Mueller y Nicolau, S.C.
ESG obligations for pension fund managers Effective January 2022, Mexican pension fund managers (AFOREs) are required to consider ESG criteria when making investment deci - sions. This regulation ensures that pension funds contribute to sustainable economic and environmental projects, maximising benefits for the economy and society. Conclusion Mexico’s regulatory developments reflect a broader commitment to embedding ESG prin - ciples into its financial framework. From the introduction of the sustainable taxonomy to enhanced disclosure standards and tools, the nation is creating a robust environment for sus - tainable financing. These efforts not only support Mexico’s climate goals but also position its finan - cial sector as a key player in the global transition to a sustainable economy. Financial institutions operating in Mexico must now navigate these regulations to ensure compliance while leverag - ing opportunities to support environmentally and socially impactful initiatives. While the Digital Operational Resilience Act (DORA) is an EU regulation and does not directly apply in Mexico, certain regulatory frameworks in Mexico address operational resilience, cyber - security, and third-party risk management in the banking sector, which align with DORA’s objec - tives. ICT Risk Management The CNBV requires financial institutions to implement robust frameworks for managing risks related to information and communication technology (ICT). Banks must establish inter - 10. DORA 10.1 DORA Requirements
nal controls, regularly assess vulnerabilities, and adopt measures to mitigate cybersecurity threats as per the CUB. Incident Reporting Mexican banks must report significant opera - tional or cybersecurity incidents to the CNBV promptly. This is outlined in Article 168 Bis 16 of CUB, which aims to address and protect operational continuity and cybersecurity, ensur - ing transparency and timely intervention in the event of disruptions. Third-Party Risk Management Financial institutions are obligated to oversee and manage risks associated with third-party service providers, especially those offering ICT services. Regulations require due diligence, reg - ular monitoring, and contractual safeguards to ensure resilience across outsourced operations. Operational Continuity and Disaster Recovery Banks in Mexico are required to maintain robust business continuity and disaster recovery plans, aligning with best practices for operational resil - ience. Testing and periodic updates of these plans are mandatory to ensure preparedness for operational disruptions. International Standards Influence While DORA is not directly applicable, Mexi - can regulators are influenced by global stand - ards and practices, including those of the EU, to maintain international competitiveness and ensure the stability of cross-border banking operations. Mexican banks with EU opera - tions or partnerships are particularly mindful of DORA’s requirements to maintain compliance in those jurisdictions. These requirements reflect Mexico’s commit - ment to operational resilience in the financial
387 CHAMBERS.COM
Powered by FlippingBook