Mexico was the first country to issue sector-specific regulations for FinTech companies, published in March 2018 (the “FinTech Law”). Among other subjects, it addressed companies which use digital assets, provide financial advisory, carry out crowdfunding, and perform electronic payments. Later that year, in September, the complementary regulations were issued. Still, a lot of loopholes with regard to digital assets were still pending, which is why a further complementary regulation was discussed and worked on.

On March 8, 2019, three rules were issued by the Bank of Mexico (“Banxico”) with regard to FinTech companies which use digital assets, as well as companies which use so-called “innovative models”, and crowdfunding. Hereby, we will go broadly over the contents of said three rulings, particularly with regard to digital assets, as well as what that means for crypto companies wanting to operate in Mexico.

On March 25, 2019, amendments to the complementary regulations were published. These address mainly the security mechanisms that FinTech, and particularly crowdfunding companies, must implement, as well as their internal controls and the level of care they must have on their handling of information. These amendments also deal with the procurement of services from third parties for crowdfunding. They also set forth guidelines for the disclosure and handling of information by financial institutions.

Before March: Everything Not Forbidden Is Allowed

Before the issuance of the aforementioned rules, under a strict reading of the Fintech Law and its regulations, it could be concluded that almost no company or person was allowed to conduct transactions with cryptocurrency or to perform any other activities which involved cryptocurrency altogether. At this time, crypto companies operating in Mexico were doing so by taking advantage of certain legal loopholes and had to be very careful in the way they operated and the treatment they gave to their companies or tokens to avoid unlawfulness, at the risk of incurring into penalties including fines and prison time.

The only entities allowed the onset to legally manage cryptocurrencies in any way were the recognized Financial Technology Institutions (“ITFs”), namely wallets and crowdfunding companies. Nevertheless, such management would still be constrained by the rules to be issued by Banxico, and could not surpass such limits. To operate with cryptocurrencies, every other company not specifically addressed by the Fintech Law had to require an authorization to operate as an “innovative model”.

Innovative models are defined by the Fintech Law as any that, for the rendering of financial services, use tools or technological means with different modalities to the ones existing in the market at the moment the temporary authorization* is issued.

Once a company is granted such an authorization, it can only perform the activities expressly mentioned in the authorization. Companies other than ITFs which carry out any activities with digital assets are considered to perform “vulnerable activities” according to the Anti Money Laundering regulations, which means they must implement rigorous KYC programs and submit periodic reports to the Treasury Ministry.

After March: New Banxico Rules

The most polemic rule issued this March is the one regarding digital assets. It pretends to define what are to be considered as digital assets, as well as which characteristics they will have and which institutions will be able to perform operations with them. Strict terms are set forth, whereby strong monitoring by Banxico will take place with regard to digital assets, their nature and operations, as well as which reporting duties will the authorized companies have, and the terms of the authorizations themselves. Under the current rule, activities which regularly correspond to wallets and exchanges are not allowed anymore, since they are expressly stated as not eligible to receive authorization.

Some clear problems originate from this rule. For starters, according to it, digital assets must be: (i) information units unequivocally identifiable, (ii) which are registered electronically, (iii) which must not represent rights over another asset (read: tokens), and (iv) must have in place non-replicable protocols. This definition is difficult to understand and to uphold in practical terms.

And that’s not it. Experts have commented in the sense that Banxico displayed a plain lack of knowledge with regard to crypto and digital assets since it asserted that these can be volatile, expensive to use for transactions, and hardly scalable, as well as bringing risks to their holders because they could not fully know the possible problems and risks derived from their use due to their technological complexity, as well as from the uncertainty of the determination of their supply and demand and thus, their price. As if all users of regular financial services and instruments fully understood how they work, but it could be more dangerous to mess with digital assets. Ultimately, the recommendation of Banxico is to “keep a healthy distance” from digital assets. Sadly, this would mean that all financial services in Mexico would have an important handicap when compared to the rest of the world. Regardless it concludes its reasonings expressing Banxico’s interest in promoting the use of new technologies, as long as they are used within the internal operations of ITFs and credit institutions and don’t have an impact in the end user.

It is important to note that one of the reasons to implement strict controls by Banxico, was the prospect of serious AML and the threat of terrorism financing due to the easiness with which digital assets can be moved from one country to another.

The other two rules address the aforementioned entities other than ITFs operating with “innovative models” and entities which perform crowdfunding. The first one sets forth the requirements to be met by said entities in order to obtain a temporary authorization by Banxico to perform routing, compensation or liquidation activities. Under the said authorization, they will be able to try innovative models in a delimited risk environment, only for the aforementioned activities. Among the requirements, there is the implementation of risk assessment mechanisms derived from the possible failure of the innovative models used. In the second rule, Banxico establishes the way in which crowdfunding entities may carry out transactions in foreign currency, as well as which information must be submitted to Banxico with regard to said transactions, especially when it comes to crowdfunding entities which perform electronic payments.

Taking into consideration all of the above, until before the issuance of the three aforementioned rules by Banxico, crypto companies could only operate in Mexico if they were careful enough as to avoid falling within any of the definitions provided by the Fintech Law, and were operating “outside the law”, meaning they were performing a “not forbidden” activity rather than a regulated one. In case they indeed performed a regulated activity under the Fintech Law, they would be subject to penalties if they did not have the pertaining authorization. The game has changed since March of this year, due to the new rules covered in this document.

Presently, only authorized financial institutions can perform activities which involve in any way digital assets (no more acting under the “everything that is not forbidden is allowed” principle), which leaves a considerably small group being able to manage crypto. Not being this all, such digital assets must comply with the characteristics set forth by Banxico rules and be subject to its constant monitoring and reporting duties, and be used only for the internal operations of a financial institution, caring not to “impact the end user”. This means a regular crypto company cannot operate in Mexico under these rules unless it gets authorization from Banxico and uses some scheme not to impact its end users, and exchanges and wallets cannot operate at all.

Conclusion

Fortunately, the term for every person to submit comments or suggestions is still open (for just some more days) and will be considered by Banxico, whereby there is a possibility that amendments for these rules will be done, and not everything is lost for the crypto environment in Mexico.

At Mati, we expect Banxico to consider the observations from the industry players, who have submitted more than 50 comments since their operating capacity could be wiped out if these rules are kept as they are. However, we are anticipating Banxico to expand the scope of the authorization since the current status on the draft would only allow for banks and some Fintech companies to have contact with crypto transactions.

Nevertheless, the first step in any process to receive authorization from Banxico (or any other crypto regulator in Mexico) will start with a proper AML/KYC process, due to the importance given to AML and the terrorism financing fear which stems from the simple way in which digital assets may be displaced from one place of the world to another. It is important to mention that AML/KYC checks are not limited to companies in the Fintech or crypto space, but rather they expand to almost every industry where monetary transactions take place.

Implementing a tool like the one Mati offers will help project your company’s seriousness about compliance and transparency when performing transactions before regulators such as Banxico, and will get you closer to getting a full authorization.


* Said authorization must be granted to all entities operating under these laws before they carry out any activities to be considered lawful.