VASP regulation in Mexico

Regulation of the cryptocurrency market is constantly becoming stricter. Nowadays jurisdictions impose high regulatory and risk management requirements on virtual asset service providers.

Despite this, we always manage to find a solution that suits the client. All the time our team provides research of the market and regulations on various markets to find the best jurisdiction. Recently we have made the global overview of the VASP regulation in the Latam Countries and are ready to share information with our future and existing clients. Today we will look at the features of obtaining a cryptocurrency license in Mexico.

The law regulating the activities of VASPs

The Law on Regulation of the Financial Technology Institutions (“FinTech Law”) 2018?

Circular 4/2019

VASP regulator

Bank of Mexico (“Banxico”)

Activities included in VASP services

There is a clear distinction between the regulation applicable to non-financial entities (companies that carry out activities, services or operations that are not reserved by financial regulation specifically in favour of any financial entity, therefore their performance does not require prior registration, authorisation or concession by the financial authorities) and financial entities (FI) (Credit Institutions, Electronic Payment Funds Institutions, and Collective Financing Institutions) are required to obtain prior authorisation from the Banxico.

Non-Financial Entities that carry out or facilitate Transactions with Virtual Assets, better known by the Financial Action Task Force (“FATF”) as VASPa, are regulated by the Anti-Money Laundering Legal Framework.

All Non-Financial Entities engaged in carrying out Transactions with Virtual Assets with their clients in national territory, even if they are incorporated abroad or the technological infrastructure that allows the performance of such operations is located there, are also obliged to comply with the Anti-Money Laundering Legal Framework.

The FI that enter into Virtual Asset Transactions corresponding to Internal Transactions,are subjects to prior authorisation granted by Banco de México, these entities shall be prohibited from entering into transactions with said assets on terms other than those established in the respective authorisation.

The FI, in the execution of Transactions with Virtual Assets, shall at all times prevent the direct or indirect transfer of the risk of such Transactions with Virtual Assets to the Clients of such Institution.

Those Transactions that the FI request to enter into with virtual assets through which they intend to directly provide their Clients with virtual asset exchange, transmission or custody services shall not be eligible for obtaining the authorisation.

VASP registration procedure for a local company

The authorisation requests shall be sent by the FI by e-mail to the Central Banking Authorisation and Consultation Management of Banco de México at [email protected].

The persons subscribing the requests shall:

I. Have a valid Digital Certificate issued in their name, and

II. Sign the requests digitally using the tool that Banco de México determines for these purposes and makes known, as well as the Digital Certificate referred to in section I of this Provision.

In those cases in which the Institutions do not have access to the necessary elements to send digitally signed applications, they may deliver them to the Central Banking Authorisations and Consultations Management, at Avenida 5 de Mayo number 2, Colonia Centro, Postal Code 06000, Mexico City, in original, in duplicate, and signed by persons with powers to exercise acts of administration or ownership, for which purpose they must attach to their request a simple certified copy of the deeds containing the aforementioned powers, together with a statement specifying the reason why they need to send requests by this alternative means.

The FI that intends to carry out operations with Virtual Assets shall submit its application for authorisation to Banco de México. The application shall be accompanied by the following information:

1. The description of the Virtual Assets Transaction model that the FI intends to use to carry out such transaction, in which the requesting Institution shall establish the measures it intends to establish to prevent the direct or indirect transfer of the risk of such Virtual Assets Transactions to the respective FI’s Clients, as well as the manner in which the FI shall supervise compliance with such measures;

2. A comparative table allowing identification of the requirements of the applicable regulation and the measures that the FI shall establish for the purpose of complying with such regulation, as well as the reference to the document containing the evidence supporting compliance. To this effect, the FI shall demonstrate the feasibility of such measures and support its capacity to implement them, as well as indicate the time in which it expects to be able to carry out their implementation;

3. The benefits of carrying out the Virtual Asset Transactions for which authorisation is requested;

4. The operating manuals that the respective FI has prepared in relation to the Virtual Assets Transaction for which the FI requests Banco de México’s authorisation. T

5. A comprehensive risk framework to be followed that identifies at least the risks associated with the Institution’s Virtual Assets Transaction, taking into account at least the business, foreign exchange, financial, operational, cybersecurity, operations with resources of illicit origin and reputational risks, including at least the following information: Identification of risk sources; Measurement of risk exposure; Allocation of own resources for risk management; Risk control and containment policies and procedures; Recovery plan; Risk management review and adjustment policies and procedures; Risk management disclosure.

Authorization of VASP from another state to provide services in the jurisdiction

FI may contract with third parties, including other national FI or foreign entities, the rendering of services related with Transactions with Virtual Assets. These FI shall obtain prior authorisation from Banco de México, based on the request submitted for such purpose.

Together with the request, FI shall provide, with respect to the third party with which they intend to agree on the provision of services related to Virtual Assets Transactions, the documentation and information indicated below:

1. Draft contract or legal instrument that it intends to enter into with the third party;

2. Approval of the Administrative Body (Amended by Circular 37/2020);

3. Documents accrediting the experience, technical capacity and sufficiency of human resources of the third party with respect to the services to be contracted;

4. The procedure offered by the third party to the institution for identifying, measuring, monitoring, limiting, controlling, reporting and disclosing the risks that may arise from the provision of its services;

5. The mechanisms for the settlement of disputes agreed between the Institution and the third party, relating to the contract or legal instrument they have entered into;

6. The procedure for evaluating the performance of the third party in the provision of services, the fulfilment of its contractual obligations and the periodicity of the evaluation;

7. The document describing the actions to be taken for the orderly termination of the same, in the event that the provision of the service through the third party is suspended and it is not possible to immediately replace the third party in the provision of the service, and

8. Such documentation, information and certifications as Banco de México may additionally request.

In the event that the FI enters into a contract or legal instrument with third parties, who provide the service totally or partially outside the national territory related to Internal Operation services with virtual assets, in addition to the requirements mentioned above, the FI must:

1. Prove that the third parties reside in countries that, on the one hand, their domestic law provides protection to the data of individuals, safeguarding their confidentiality, or that maintain international agreements signed with the Mexican State on the protection of personal data and that, on the other hand, allow the exchange of information between competent authorities abroad;

2. Additionally provide in the instrument containing the approval of the board of directors or equivalent body responsible for the management functions referred to in section II of the previous Provision, that there will be no impact on the operational continuity of the Institution, due to the geographical distance and, if applicable, the language to be used in the provision of the service, and

3. Have technical support schemes that allow for the resolution of problems and incidents regardless of the differences, if any, in time zones and working days.

Requirements to the VASP after registration (corporate maintenance, reporting, substance)

FI shall carry out a review every calendar year of the comprehensive risk framework referred to in the paragraph 5 in order to keep it up to date. In case such update is required, they shall make the necessary modifications and, in case new risks are generated, they shall report to Banco de México which are the new risks generated and their potential impact.

Liability provided for the activities of a VASP without local registration

No information

Our contacts

If you want to become our client or partner, feel free to contact us at?[email protected].

Or use our telegram?@manimama_sales?and we will respond to your inquiry.

We also invite you to visit our website:?https://manimama.eu/.

Join our Telegram to receive news in a convenient way:?Manimama Legal Channel

Manimama Legal & Growth Agency provides a gateway for the companies operating as the virtual asset wallet and exchange providers allowing to enter to the markets legally. We are ready to offer an appropriate support in obtaining a license with lower founding and operating costs. We offer KYC/AML launch, support in risk assessment, legal services, legal opinions, advice on general data protection provisions, contracts and all necessary legal and business tools to start business of virtual asset service provider.

The content of this article is intended to provide a general guide to the subject matter, not to be considered as a legal consultation.