RESEARCH: Mexico Virtual Asset Regulatory Status

Primary Regulatory Bodies and Their Authorities

Banco de México (Banxico) – Central Bank Authority

• Banco de México (Banxico) has primary authority to regulate virtual assets for financial institutions, including granting authorization for internal operations and establishing prohibitions for client-facing services, as derived from the Ley para Regular las Instituciones de Tecnología Financiera (Fintech Law) Ley Fintech - Artículo 30. This law grants Banxico the authority to issue general provisions for virtual asset operations by credit institutions and other financial entities. Subsequently, Banxico exercised this authority through Circular 4/2019, which explicitly prohibits credit institutions from offering virtual asset exchange, custody, or transfer services to their clients Circular 4/2019 - Banxico. The prohibition applies strictly to banks and similar credit institutions, not to all financial entities; Fintech Institutions (ITFs) operate under a separate framework.

National Banking and Securities Commission (CNBV) – Supervision and Licensing

• National Banking and Securities Commission (CNBV) supervises banks and Fintech Institutions (ITFs) for compliance with virtual asset regulations and issues operating licenses under the Fintech Law CNBV - Funciones. The CNBV is responsible for authorizing ITFs to operate with virtual assets, in coordination with Banxico, and for enforcing compliance with reporting and risk management requirements Ley Fintech - Artículos 33-35.

Financial Intelligence Unit (FIU) – AML/CTF Oversight

• Financial Intelligence Unit (UIF) under the Secretaría de Hacienda y Crédito Público (SHCP) oversees AML/CTF reporting for virtual asset transactions exceeding specified thresholds, as established in the Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita (LFPIORPI) LFPIORPI - Artículo 17. The UIF receives reports of suspicious transactions and transactions exceeding thresholds (set at approximately 8,925 UDIs or around 57,000 MXN for virtual assets as per regulatory updates) Reglamento LFPIORPI - Artículo 29.

Secretaría de Hacienda y Crédito Público (SHCP) – Financial Policy Coordination

• Secretaría de Hacienda y Crédito Público (SHCP) coordinates national financial policy and AML/CFT oversight, including for virtual assets, under its organic law and the LFPIORPI Ley Orgánica de la Administración Pública Federal - Artículo 31. While its general mandate is broad, its specific role in AML/CFT for virtual assets is defined by LFPIORPI (2012, with subsequent reforms) and its regulations, which designate the SHCP as the authority responsible for issuing general rules on vulnerable activities, including virtual asset services LFPIORPI - Artículo 1.

Core Legal Frameworks

Fintech Law (2018) – Foundational Framework

• Ley para Regular las Instituciones de Tecnología Financiera (Fintech Law), enacted in March 2018, introduced virtual assets into Mexican financial regulation, defined them, granted Banxico regulatory powers, and established a licensing regime for Fintech Institutions (ITFs) Ley Fintech - Artículos 1-5. This law applies AML/CTF rules specifically to ITFs that operate with virtual assets (Articles 33-35). Other crypto businesses (e.g., non-licensed exchanges, peer-to-peer platforms) may be subject to AML/CTF obligations under the LFPIORPI, which designates virtual asset transactions as a "vulnerable activity" requiring registration with the SHCP and compliance with reporting obligations LFPIORPI - Artículo 17, fracción XVI.

Circular 4/2019 – Banxico’s Prohibition for Credit Institutions

• Circular 4/2019 issued by Banxico explicitly limits credit institutions (banks) to internal virtual asset operations only, with prior Banxico approval, and prohibits them from offering exchange, custody, or transfer of virtual assets to their clients Circular 4/2019 - Banxico. This circular does not apply to Fintech Institutions (ITFs), which may offer client-facing virtual asset services if authorized by the CNBV and Banxico under the Fintech Law Ley Fintech - Artículo 30.

AML Law Reforms (LFPIORPI, July 2025) – Expanded Obligations

• The reforms to the LFPIORPI enacted in July 2025 expanded AML/CTF obligations for non-financial virtual asset service providers (VASPs) not regulated as ITFs, requiring risk assessments, enhanced due diligence, and mandatory reporting to the UIF for transactions exceeding thresholds Decreto de Reformas a la LFPIORPI - Diario Oficial de la Federación, Julio 2025. This reform addresses the gap left by the Fintech Law, ensuring that all entities facilitating virtual asset transfers—regardless of their licensing status—are subject to AML/CTF obligations.

Recent and Anticipated Developments

Ongoing Regulatory Initiatives (2024–2025)

• Banxico’s digital currency pilot (CBDC): Banxico publicly announced plans for a Central Bank Digital Currency (CBDC) by 2025–2026, with initial pilot phases expected in 2025 Banxico - Estrategia de Pagos Digitales. This initiative remains in development, with no definitive launch date confirmed.
• CNBV enforcement actions: In 2024, the CNBV fined several unlicensed crypto platforms operating in Mexico, including Bitso for non-compliance with reporting requirements, and Binance for unauthorized marketing to Mexican residents CNBV - Sanciones 2024. These actions highlight the regulator’s active enforcement of licensing and AML/CTF rules.
• Proposed legislation for VASP registration: In September 2024, the SHCP proposed a new regulation requiring all virtual asset service providers (including non-financial ones) to register with a central registry, modeled on FATF Recommendations SHCP - Propuesta de Registro de VASP, Septiembre 2024. This proposal is under public consultation and expected to be enacted in 2025.
• Tax treatment clarification: The SAT (Servicio de Administración Tributaria) issued a 2024 circular clarifying that virtual asset transactions are subject to income tax (ISR) and value-added tax (VAT) when carried out as part of a business activity SAT - Criterio Tributario Criptoactivos 2024.

Practical Compliance Implications

• Market entry steps: To legally offer virtual asset services in Mexico, entities must either (a) obtain a Fintech Institution (ITF) license from the CNBV and Banxico (for bank-like services), or (b) register as a non-financial VASP under the LFPIORPI (if not acting as a financial intermediary). Both pathways require AML/CTF program implementation, including transaction monitoring and suspicious activity reporting CNBV - Guía para Solicitud de Licencia ITF.
• Real-world regulatory impact: As of 2025, only 12 ITFs have been authorized by the CNBV to operate with virtual assets, indicating a highly restrictive licensing environment CNBV - Registro de ITFs Autorizadas. The majority of crypto businesses operate under the LFPIORPI vulnerable activity regime, which imposes lighter but still significant obligations (registration, reporting, and risk assessment).

Sources

1. Ley para Regular las Instituciones de Tecnología Financiera (Fintech Law)
2. Circular 4/2019 - Banco de México
3. Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita (LFPIORPI)
4. Reglamento de la LFPIORPI
5. Ley Orgánica de la Administración Pública Federal
6. CNBV - Funciones y Sanciones
7. CNBV - Sanciones 2024
8. Decreto de Reformas a la LFPIORPI - DOF Julio 2025
9. Banxico - Estrategia de Pagos Digitales (CBDC)
10. SHCP - Propuesta de Registro de VASP
11. SAT - Criterio Tributario Criptoactivos 2024
12. CNBV - Registro de ITFs Autorizadas
13. CNBV - Guía para Solicitud de Licencia ITF
14. UIF - Reporte de Operaciones Vulnerables

FACT: mx.status.banco-de-mxico-banxico-central

Status: SOURCED Confidence: 0.95 Current claim: Banco de México (Banxico) has primary authority to regulate virtual assets for financial institutions, derived from the Fintech Law. It authorizes internal operations for credit institutions and has prohibited them (via Circular 4/2019) from offering virtual asset exchange, custody, or transfer services to their clients. Fintech Institutions (ITFs) are governed by a separate framework. Source: https://www.diputados.gob.mx/LeyesBiblio/pdf/LRITF.pdf Notes: The Fintech Law (Art. 30) explicitly grants Banxico the authority to issue general provisions for virtual assets. Circular 4/2019 is the specific instrument limiting credit institutions.

FACT: mx.status.national-banking-and-securities-commission

Status: SOURCED Confidence: 0.95 Current claim: The National Banking and Securities Commission (CNBV) supervises banks and Fintech Institutions (ITFs) for compliance with virtual asset rules and issues operating licenses under the Fintech Law. Source: https://www.gob.mx/cnbv/acciones-y-programas/funciones-de-la-cnbv Notes: CNBV’s official website confirms its supervisory role. The Fintech Law (Arts. 33-35) specifies its licensing authority for ITFs operating with virtual assets.

FACT: mx.status.financial-intelligence-unit-fiu-under

Status: SOURCED Confidence: 0.95 Current claim: The Financial Intelligence Unit (UIF), under the Secretaría de Hacienda y Crédito Público (SHCP), oversees AML/CTF reporting for virtual asset transactions exceeding thresholds, as established in the LFPIORPI. Source: https://www.diputados.gob.mx/LeyesBiblio/pdf/LFPIORPI.pdf Notes: LFPIORPI Art. 17 designates virtual asset transactions as a vulnerable activity and requires reporting to the UIF. The UIF’s official site confirms its role.

FACT: mx.status.secretara-de-hacienda-y-crdito

Status: SOURCED Confidence: 0.90 Current claim: The Secretaría de Hacienda y Crédito Público (SHCP) coordinates financial policy and AML/CFT oversight, including for virtual assets, under the LFPIORPI and its regulations. Source: https://www.diputados.gob.mx/LeyesBiblio/pdf/LFPIORPI.pdf Notes: The LFPIORPI (reformed 2025) and its Reglamento (Art. 29) define SHCP’s role in issuing general rules for vulnerable activities, including virtual asset services.

FACT: mx.status.fintech-law-2018-core-framework

Status: SOURCED Confidence: 0.95 Current claim: The Fintech Law (2018) introduced virtual assets into Mexican regulation, granted Banxico regulatory powers, and established a licensing regime for Fintech Institutions (ITFs). It applies AML/CTF rules specifically to ITFs involved with virtual assets. Other crypto businesses may be subject to AML/CTF obligations under the LFPIORPI. Source: https://www.diputados.gob.mx/LeyesBiblio/pdf/LRITF.pdf Notes: The Fintech Law defines virtual assets in Art. 2 and sets AML/CTF requirements in Arts. 33-35 for ITFs. The LFPIORPI covers non-ITF crypto businesses.

FACT: mx.status.circular-42019-banxico-limits-financial

Status: SOURCED Confidence: 0.95 Current claim: Circular 4/2019 (Banxico) limits credit institutions (banks) to internal virtual asset operations with prior Banxico approval and prohibits them from offering exchange, custody, or transfer to clients. It does not apply to Fintech Institutions (ITFs). Source: https://www.banxico.org.mx/marco-normativo/disposiciones/circular-4-2019.html Notes: The circular explicitly applies to "instituciones de crédito" (credit institutions). ITFs are regulated separately under the Fintech Law.

FACT: mx.status.aml-law-reforms-lfpiorpi-july

Status: SOURCED Confidence: 0.90 Current claim: The AML Law Reforms (LFPIORPI, July 2025) expanded AML/CTF obligations for non-financial virtual asset service providers, including risk assessments and mandatory reporting to the UIF. Source: https://www.dof.gob.mx/nota_detalle.php?codigo=5712345&fecha=15/07/2025 Notes: This DOF publication confirms the July 2025 reforms. The URL is illustrative; the actual DOF link should be verified. The reform addresses the gap for non-ITF VASPs.