In accordance with the Financial Technology Institutions Law (“Fintech Law”), fintech companies must comply with a series of standards to operate as fintech companies, among others, capitalization, risk prevention, cybersecurity, customer identification and preventing money-laundering.
With the publication of ancillary Rules to Fintech Law, the list of requirements that fintech companies must comply to obtain such authorization from the National Banking and Securities Commission (“CNBV”) is now complete.
People involved in this kind of activities have 12 (twelve) months of September 25th to request such authorization or desist from performing crowdfunding activities or electronic payment fund services through internet or digital media; the CNBV will have 90 (ninety) days to resolve the authorization in accordance with Fintech Law.
The application form must include the following:
- Business Plan.
- Account separation policy provided in the Fintech Law.
- Policies to disclose risks and responsibilities for the operations carried out by the fintech company, in simple and clear language, including commissions, charges and withholdings charged to clients.
- Policies regarding operational risk control, information security, confidentiality and evidence of safe, reliable and accurate technological support for customers and minimum standards to prevent, among others, fraud and cyber-attacks.
- Operative processes and customer identification control.
- Policies to resolve potential conflicts of interest.
- Connection of people who directly or indirectly maintain or intend to maintain a share in the capital stock of the fintech company, including the resources origin, information on the financial situation (individuals) or financial statements for the last three years (entities) and any other information that allows verifying business and credit records.
- Information regarding the individuals that will manage the company or be appointed directors;
- Information evidencing that the fintech company has the right to use the interface, website or electronic or digital media.
- Information of the incentive scheme for crowdfunding.
- Financial Viability Study for the first 3 years of operation;
- Proposed corporate name for the fintech company, as well as the commercial name and brand to be used for it;
- Drafts of operation manuals, internal control and risk management, as well as the organization and internal control, including the structure of its management and oversight bodies;
- The copy of the document issued by the CNBV, stating the current certification of the compliance officer appointed by the company;
- Where appropriate, the applications regarding cash resources receipt and transfers
The Rules also set the requirements for those interested in contributing equity to companies that intend to obtain the authorization to operate and be organized as a fintech company, the CNBV requires certain personal and other applicable information through specific formats, according to the percentage of equity to be subscribed; as well in the event a person or a private equity fund acquires or receives shares of a fintech company as security.