Introduction
Purpose of reforms
Summary of amendments
What are the transactional limits established for non-face-to-face transactions?
How should the customer be identified within these transactional boundaries?
What happens if the client exceeds the transactional limits?
Is authorisation from the authority required for non-face-to-face identification?
From when must financial institutions implement these changes?
On 9 September 2021, the Department of Finance and Public Credit published various resolutions in the Official Gazette of Mexico to amend, add and derogate different provisions applicable to many financial institutions concerning the digital identification of clients (the provisions). In particular, the affected dispositions were:
- articles 71 and 72 of the Law to Regulate the Activities of Savings and Loan Cooperatives;
- article 212 of the Securities Market Law;
- article 91 of the Investment Funds Law;
- article 124 of the Law of Savings and Loan Associations; and
- article 115 of the Law of Credit Institutions, in connection with 87-D and 95-bis of the General Act on Credit Organisations and Related Activities.
These proposed amendments were available for public consultation from June 2021 to August 2021 on the National Commission for Regulatory Improvement's website. The resolutions established the framework of compliance with the prevention of money laundering and the fight against the financing of terrorism by financial entities.
In general, the provisions intend to include new technological mechanisms (eg, biometrics, proof of life and authentication factors) to enable financial entities to remotely identify clients.
The amendments contemplate the possibility of entering into non-face-to-face contracts with natural and legal entities of Mexican nationality.
The Department of Finance and Public Credit amended the following provisions:
- The concept of "geolocation" was modified to indicate that if customers enter into contracts or perform non-face-to-face transactions from a device that, due to its characteristics, cannot provide geolocation, the financial entity will have to obtain, with the prior consent of the client, the latitude and longitude coordinates of its geographic location.
- "Technological ID mechanisms" is now defined as how financial entities compare the valid identification documents and apply life tests. The financial entities must keep the results of these mechanisms on the customer's file.
- The concept of a "device" was modified to indicate that it does not include those that are owned or controlled by financial entities.
- The possibility to appoint an officer to perform the functions of a compliance officer on an interim basis for up to 90 calendar days in a calendar year was clarified.
- The Department of Finance and Public Credit's power was expanded to include in the list of blocked persons those who appear in the list of taxpayers referred to article 69-B(4) of the Federal Fiscal Code.
What are the transactional limits established for non-face-to-face transactions?
The transactional limits vary according to the type of financial institution and the mechanism used:
- investment funds – transactions up to 207,127.17 Mexican pesos in a calendar month;
- popular finance companies (SOFIPOS) and savings and loan cooperative societies (SOCAPS):
- capital stock contributions and deposit account openings up to 207,127.17 or 414,000.00 Mexican pesos in a calendar month; and
- consumer and commercial loans up to 414,000 or 690,000 Mexican pesos;
- multiple-purpose finance companies (SOFOMES) – loans not secured by real estate up to 207,127.17 or 414,000 Mexican pesos; and
- brokerage firms – transactions up to 207,127.17 Mexican pesos in a calendar month.
How should the customer be identified within these transactional boundaries?
An unedited recording containing both image and sound must be held for the entire duration of the contract and, once the contract is concluded, for at least 10 years from the conclusion of the contractual relationship.
If the applicant declares itself to be a client of the entity, the entity must verify its data against its records and authenticate it with a category three authentication factor, which complies with the security features outlined in the provisions.
What happens if the client exceeds the transactional limits?
The entity must also check whether the applicant's biometric information matches the records of the National Electoral Institute, the Ministry of Foreign Affairs or any other Mexican authority. Otherwise, the financial entity must conduct a face-to-face interview and integrate the client's identification file with all of the information and documentation.
Is authorisation from the authority required for non-face-to-face identification?
It is essential to bear in mind that the technological identification mechanisms in the execution of non-face-to-face transactions require prior authorisation or notice before the National Banking and Securities Commission, depending on the mechanism and transactional limits used.
From when must financial institutions implement these changes?
Entities will have between four and 18 months from the date on which the resolutions were published in the Official Gazette of Mexico to comply with the new obligations contained in the provisions, including modifying their compliance manual and their risk-based approach methodology, and updating their automated systems.
For further information on this topic please contact Sofía Rojas Cuellár, Diego A Ramos Castillo, José Antonio Casas Vessi or Rodrigo Ramos Hopkins at Ramos, Ripoll & Schuster by telephone (+52 55 1518 0445) or email ([email protected], [email protected], [email protected] or [email protected]). The Ramos, Ripoll & Schuster website can be accessed at www.rrs.com.mx.