On September 23rd, 2021, the CNBV published on the Federal Official Gazette (Diario Oficial de la Federación), a resolution by which the General Provisions applicable to Financial Institutions (Disposiciones de carácter general aplicables a las instituciones de crédito, also know as the Circular Única de Bancos) (“CUB”) was modified. Such resolution was implemented as part of an action plan allowing a larger portion of the population to have access to financial services in Mexico.

The main aspects arising from the modifications to the CUB include:

I. Inclusion of specific provisions for Commission Agent Managers (Administradores de Comisionistas) in order to ensure that, to carry out transactions under such provisions, such Managers organize a network of banking commission agents for the transactions to be rendered in a uniform manner, in order to maintain a high-quality standard in the performance of such transactions. Such provision includes aspects such as:

  • An authorization from the CNBV is required in order to hire Commission Agent Managers;
  • Commission Agent Managers are allowed to provide technological infrastructure services , having to attach to the authorization request, a description of the technological services to be provided, as well as the security schemes that associated to such services; and
  • Minimum requirements to the standard form agreements, which include, (i) prohibition to include advertising in the vouchers of transactions carried out in the name of the contracting Bank, (ii) subcontracting services related to the entrusted commission, and (iii) obligation of the Manager to verify the compliance of the commission agents with the requirements set forth in the CUB, as well as to include the obligation to allow audits.

II. Possibility of using Category 3 Authentication Factors was included, as well as elements that may not be considered as such;

III. New services that Banks may contract without the need for authorization or prior notice to the CNBV were included. These services include:

  • Receiving funds from debtors for the payment of loans in favor of the Bank;
  • Payment of third-party loans, with charges to credit and debit cards, which are made through Specialized Companies (Empresas Especilizadas), and which are subject to the provisions applicable to the participants of the payment disposal network (participantes en red de medios de disposición);
  • Maintenance services for equipment and computer network systems, in the cases where the contracted third party does not have permission to access sensitive information, equipment security configuration information, or access control administration;
  • Telecommunication services for the transfer of information, provided that the Banks have certain minimum security requirements;
  • Settlement and clearing services for transactions with Clearance Houses (Cámaras de Compensación);
  • Electronic signature certifiers that are authorized by the Tax Administration Service (Servicio de Administración Tributaria);
  • Biometric information database management; and
  • Services to develop or manage interfaces for programming standardized software applications to share open financial data and aggregated data.

IV. Obligations imposed on service providers and commission agents, such as allowing home visits by the Bank and the CNBV, as well as allowing audits, shall be transferred to any third party they subcontract for the performance of activities related to their commission or the rendering of services to the contracting Bank;

V. Banks must verify that service providers, commission agents or Commission Agent Managers, as well as their shareholders and, if applicable, subcontractors, are not included in the official lists issued by Mexican or foreign authorities, international organizations, and intergovernmental groups, of persons linked or probably linked to operations with resources of illicit origin, terrorism, or its financing, or with other illegal activities;

VI. Banks must perform audits, at least once every 2 (two) years, for the purpose of verifying compliance with the provisions applicable to contracting with third parties and bank commission agents, as well as with the provisions that refer to computer security and operational standards;

VII. Banks that intend to hire bank commission agents must submit for authorization of the CNBV, on a one-time basis, a strategic business plan that contemplates all the transactions they may perform, as well as including the form of the commercial commission agreement that will serve as the basis for the agreements to be entered. If the Banks intend to contract new commission agents in addition to those approved in the strategic plan, they must request authorization or submit prior notice to the CNBV, depending on the specific service of the new commission agent; and

VIII. Banks must have a list of commission agents and a list of service providers that have been contracted.