KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

namedate of birthnationalityaddress

KYC to onboard international persons

namedate of birthnationalitytax codetelephone numberaddressemail

corporate requirements

corporate namenationalityCode of taxpayer registration (RFC)Serial number of Advanced Electronic Signature Proof of addressTelephone numberDate of constitutionE-mailEconomic activity or social activity

National ID card name

Cédula de identidad ciudadana

Does the country have Esignature Laws?

Mexico, in E-Commerce and The Law of Digital Signatures

E-sig law files

Further details on AML regime

There are different laws that apply to the financial sector and the issue date of each General Provisions – please contact Martin or Sophie for further details.

Who is the regulator for AML controls for Banking

Comisión Nacional Bancaria y de Valores (CNBV, National Banking and Securities Commission) Regulated Institutions

Link to site

N/A

Other financial Services

Comisión Nacional de Seguros y Fianzas (CNSF, National Insurance and Surety Institution) Regulated Institutions

Website of Regulator

N/A

Financial Sector regulator

N/A

Practical Guidance for AML

The Ministry of Finance and Public Credit (Secretaria de Hacienda y Credito Publico, SHPC), via the Official Journal of the Federation publishes practical guidance to firms regarding AML requirements and best practices for AML prevention. Ministry of Finance and Public Credit (Secretaria de Hacienda y Credito Publico, SHPC) The SHCP has a section of FAQ´s aimed at fomenting a culture of AML prevention in financial institutions as well as non-financial institutions. National Banking and Securities Commission (Comisión Nacional Bancaria y de Valores, CNBV) Taking into account that the prevention of crime starts with educating and diffusing a culture of prevention, the CNBV created the present section with the purpose of educating the public in a practical way, about different aspects related to AML/CFT.

Practical guidance PDF's

hacienda

Is there a requirement to verify the identity of customers retroactively?

Yes

Retroactive details

The financial sector has historically applied KYC policies, but under an internal controls approach rather than for the purpose of anti-money laundering prevention.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

Mexico was initially evaluated by the GAFI in 2008, since then GAFI and GAFISUD have issued monitoring reports in 2009, 2010, 2011 and 2012.

Are there minimum transaction thresholds (Y/N)

Yes

More details on minimum transaction thresholds.

Each of the different entities that are subject to AML general provisions as mentioned in answer 3 consider different transaction thresholds, depending on the type of products and services that they each provide.

What are the requirements for customer identification information for individuals

In the case of individuals: a) Full name b) Date of Birth c) Nationality d) Employment Information e) Code of Taxpayer registration f) Serial number of Advanced Electronic Signature g) Proof of address h) Telephone number i) E-mail

Details to be Collected on Corporates

In the case of corporations: a) Corporate name b) Economic activity or social activity c) Nationality d) Code of taxpayer registration (RFC) e) Serial number of Advanced Electronic Signature f) Proof of address g) Telephone number h) E-mail i) Date of constitution

What are the high level requirements around beneficial ownership (identification and verification)?

Requirements for the identification of the beneficiary may vary depending on the type of client and the institution that requires them, but in general they include: a) Full name b) Date of birth c) Proof of address d) Same documents required by client e) If a document presents scraps or has been repaired the entity should ask for this other information: 2 bank references or commercial references that contain the aforementioned data.

What circumstances are enhanced customer due diligence measures required?

a) Client personal interview b) Visits to clients address c) Criteria to classify the risk a client represents. d) Transactions made with dollars from the United States of America (Credit Institutes and foreign exchange houses) e) Currency Operation Reports of transactions made in United States of America Dollars (Credit Institutes and foreign exchange houses) f) Reports of international transfers of funds (Credit Institutes and foreign exchange houses) g) Exchange of information between entities h) Know Your Customer and/or User Policies

How should FI's deal with Politically exposed persons

The Ministry of Finance and Public Credit (Secretaría de Hacienda y Crédito Público, SHPC), provides the public with a list of criteria for determining whether a customer should be considered as politically exposed.

What enhanced due diligence must be performed for correspondent banking relationships?

Mexican regulation does not require that enhanced due diligence be performed for correspondent banking relationships. Each entity establishes its own criteria and mechanisms of control and prevention. Generally entities that respond to a foreign corporate base have stricter AML controls

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes, according to AML General Provisions.

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Depending on the amount of the transaction, some institutions require additional information to support that transaction.

To whom are SAR's made? (suspicious activity reports)

Secretaría de Hacienda y Crédito Público (SHCP) via the respective regulatory bodies

Other Suspicious or unusual transactions obligations.

In most financial entities, there are thresholds for relevant operations, cash transaction, international fund transfers and US dollar transactions above which a suspicious activity report must be filed. For further details, please contact Martin or Sophie In addition, a transaction is to be considered suspicious in the follow circumstances: a) When a manager, officer, employee or agent of the entity, maintains a standard of living well above that would correspond, according to the earnings of the person in question. b) When, without reasonable cause a director, officer, employee or agent of the entity has repeatedly participated in operations that have been reported as unusual transactions. c) When, without reasonable cause there is a gap between the functions that a manager, officer, employee or agent should do, and the activity the person in question actually carries out.

Are there any de-minimis thresholds below which transactions do not need to be reported?

In most financial entities, there are thresholds for relevant operations, cash transaction, international fund transfers and US dollar transactions, below which a suspicious activity report does not need to be filed. For further information, please contact Martin or Sophie.

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Yes, according to AML General Provision

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Yes. Entities must have automated systems which must have the following functions: a) Maintain and update data to allow consultation of the records. b) Generate, encode, encrypt and securely transmit to the secretary, through the commission, information on significant transactions reports, unusual operation, and international transfers. c) Classify types of operations or financial products offered by entities to their customers or users. d) Detect and monitor the operations performed by a client or by the same user from those indicated. e) Run warning systems that contribute to the detection and monitoring of suspicious activity analysis. f) Group on a consolidated basis of the different contracts to the same client. g) Maintain historical records of possible worrisome internal operations and Unusual Operations. h) Serve as a means for the agency staff so they can report to internal areas that they determine, in a safe, confidential and auditable way. i) Maintain security schemes of information processed. j) Run an alert system on operations that intend to carry out with people linked to terrorism or its financing, or other illegal activities.

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Yes, according to General provisions

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

N/A

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

N/A

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

N/A

Data Protection Laws And Personal Data

N/A

Data Protection for Corporate Data

N/A

Data protection for "sensitive Data" and additional protections.

N/A

Do any restrictions on the transfer of credit reports exist?

N/A

Regulator Acronym

CNBV

Year of last FATF mutual evaluation

N/A

Field 67

additional innformation

National ID card details

The National Electorate Institute ("Insituto Nacional Electoral" (INE)) issues a Voting card (Credencial para votar) for Mexican citizens when they become 18 years old. The card is compulsory in order to participate in Federal level elections, and is the de facto ID for most legal transactions.

Compulsory?

Passport Photo

practical Guidance yes / no

Legal Requirement

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Yes

Who are SARS made to?

SHCP

shell banks

Yes

EDD for correspondent banking

key restrictions

Digital signatures may be required for the certification of official documents and for documents related to tax obligations.

Summary

Mexico’s laws generally permit parties to state their consent though electronic means. Summary of law Mexico is considered a two-tier jurisdiction because it gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable. Countries that follow this model give companies the opportunity to select different forms of signatures and customize their business processes based on the form that is most convenient and appropriate for each use case. Mexico amended several laws, including the Code of Commerce, Federal Civil Code and Federal Code on Civil Procedures, to permit the use of electronic signatures and advanced electronic signatures. Under this system, advanced electronic signatures are preferred, but parties are generally free to determine the form of acceptance for an agreement.

Are e-signatures acceptable

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

There are different standards for each type of financial institution. Some AML regulations became effective in the last two years, mainly to regulate the activity of the Multiple Purpose Financial Societies (SOFOMs) and Credit Unions. In addition, in October 2012 Mexican authorities issued the new Federal Law for the Prevention and Identification of Operations with Illegal Resources to regulate Designated non-Financial Businesses and Professions. Prior to 2011 SOFOMs were not subject to AML regulations. In the case of the Credit Unions, they previously were subject to the general provisions of The General Organizations with Auxiliary Credit Activity.

Non financial sector (e.g. casinos, high value goods etc.)

Secretaría de Hacienda y Crédito Público (SHCP, Secretary of Finance and Public Credit) Actividades vulnerable

Does the country have a risk based approach?

There is not an official risk approach model established by the authority, but the general provisions require the entity to integrate a model based on parameters which classifies their clients depending on the risk they represent, establishing at least two levels of risk: low and high risk customers.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Copies of identification documentation are provided at the initial stage of the commercial relationship, at the time the Client File is created. While there is no legal requirement around independent verification or authentication of identification documentation, some institutions are implementing authenticity measures, some of which include black lights and special training courses for detecting false Ids.0

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

N/A

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

N/A