Remote VASP serving residents in Mexico
Foreign-incorporated entity that offers exchange, custody, or transfer services to residents of a jurisdiction without establishing a local entity or office.
Remote VASP is conditionally permitted in Mexico without local incorporation, subject to AML obligations and low licensing burden.
Verdict Details
- Permitted
- conditional
- Local entity required
- No
- Licensing burden
- Low
- Last updated
- 2026-05-28
AML Obligations
- Activities serving Mexican residents qualify as 'vulnerable activities' under the Federal AML Law (LFPIORPI)
- UIF (Financial Intelligence Unit) registration required for exchanges and custody providers
- KYC mandatory for transactions ≥ 645 UMAs (~$58,000 MXN) per client over six months
- Suspicious-transaction reporting to UIF
- Cross-border transfer reporting above statutory thresholds
Key Restrictions
- Non-financial entity status required — Banxico bans Mexican financial institutions from offering public-facing crypto services (Circular 4/2019)
- Virtual assets are not legal tender and cannot be marketed as such
- Fintech Law (LIFT, 2018) authorizations are not granted to remote operators; only on-shore financial entities apply
Key Risks
- AML obligations attach extraterritorially when services are offered into Mexico, even without local presence
- No public enforcement precedent against pure remote operators, but UIF has discretion to act on cross-border vulnerable activities
- Tax reporting obligations may attach to Mexican-resident users — secondary obligation, but reputational risk for the operator
Evidence
This verdict synthesizes the following facts. Each fact links to its primary source(s).
**Exchanges, Custody Providers, Payment Processors (Non-Financial Entities):** No license or registration needed; services can be offered to the public if not reserved for regulated entities.[1][3][5]
**AML/CTF Law (Ley Federal para la Prevención e Identificación de Operaciones con Recursos de Procedencia Ilícita)**: Classifies virtual asset operations by non-financial entities as vulnerable activities, requiring KYC, internal policies, transaction monitoring, and reporting to the Financial Intelligence Unit (FIU) for transactions over ~$58,000 MXN (645 UMAs) per client in six months.[3][4][5]
**Financial Institutions/Fintechs:** Authorization from Banxico required for any virtual asset operations; prohibited from public services.[2][4][5]
**Circular 4/2019** (Banxico): Limits financial entities to internal virtual asset operations with prior approval; bans public-facing services.[4]
**Financial Intelligence Unit (UIF)**: Collects/analyzes suspicious transaction reports from crypto businesses; requires registration for exchanges/non-financial entities.[https://muralpay.com/blog/kyc-and-tax-rules-for-stablecoin-payments-in-mexico][https://www.lightspark.com/knowledge/is-crypto-legal-in-mexico]
**Local Presence:** No explicit requirement, but company setup (if incorporating) needs Mexican notary, share certificates, corporate books, tax registry (RFC), e-signature, foreign investment registry (if applicable), and bank account.[2][7] Office rental may aid compliance.[7]
Verdict Attribution
- Source:
- AI-Generated · Reviewed
- Curated by:
- scott@savyadvisors.com
- Last updated:
- 2026-05-28
- Confidence:
- medium
This verdict was produced by an AI model from the underlying facts. Confirm with counsel before relying on it for material decisions.
Initial sample verdict for design validation. Pending counsel review before promotion to source='curated'.
Questions this verdict aims to answer
- May a non-resident provider serve residents from abroad?
- Does cross-border service trigger licensing, registration, or AML obligations?
- What enforcement risk exists for unlicensed remote operators?