The Law to Regulate Financial Technology Institutions, formally the Ley para Regular las Instituciones de Tecnología Financiera, is Mexico’s federal Fintech Law. As of June 30, 2026, the law is in force; the consolidated text maintained by the Chamber of Deputies identifies the original publication in the Diario Oficial de la Federación on March 9, 2018, and the latest reform published on November 14, 2025. The original transitory article made the statute effective the day after publication, so the main effective date is March 10, 2018.
The statute establishes a national framework for institutions of financial technology, or ITFs, and for financial services delivered through technology. It is based on inclusion, innovation, competition, consumer protection, financial stability, prevention of illicit operations and technological neutrality.
Key provisions of Mexico’s Fintech Law
Authorization of ITFs
The law defines ITFs as two regulated categories: crowdfunding institutions and electronic payment fund institutions. A person that seeks to carry out these activities in Mexico must apply to the National Banking and Securities Commission, or CNBV, for authorization as an ITF. Authorization is issued after requirements are met and after agreement by the Interinstitutional Committee, which includes representatives of the Finance Ministry, Banco de México and CNBV.
Crowdfunding and electronic payment funds
For crowdfunding, the law regulates digital platforms that connect members of the public so financing can be granted among them. It requires disclosures about project-selection criteria and evaluation methodologies and prohibits platforms from guaranteeing returns or investment outcomes. For electronic payment funds, the law covers the issuance, administration, redemption and transmission of payment funds through apps, interfaces, websites and other electronic or digital methods.
Virtual asset operations
The law defines a virtual asset as an electronically recorded representation of value used by the public as a means of payment and transferable only through electronic means. It excludes Mexican legal tender, foreign currency and assets denominated in legal tender or foreign currency. ITFs may operate only with virtual assets determined by Banco de México and must obtain prior Banco de México authorization. Banco de México sets conditions and restrictions for virtual-asset operations and custody or control arrangements. ITFs operating with virtual assets must disclose risks, including that a virtual asset is not legal tender, is not backed by the federal government or Banco de México, may be irreversible, may be volatile and may involve technological, cyber and fraud risks.
Regulatory perimeter and supervisory roles
The law assigns supervisory roles primarily to CNBV and Banco de México within their respective authority. It also gives roles to CONDUSEF, CNSF, CONSAR and the Finance Ministry where the statute or related financial laws apply. CNBV’s secondary fintech provisions and Banco de México’s Circular 4/2019 are companion instruments for authorization, operations and virtual-asset activity.
AML/CFT, data and innovation framework
Article 58 requires ITFs to maintain measures and procedures to prevent and detect operations that may relate to specified criminal-law offenses. It also requires reports to be presented to the Finance Ministry through CNBV, customer-identification measures, record-retention controls, internal training, automated systems, a compliance committee or officer and periodic review of AML/CFT effectiveness.
The law also contains an open-finance component. Article 76 requires financial entities, money transmitters, credit information companies, clearing houses, ITFs and companies authorized to operate innovative models to establish standardized application programming interfaces. The APIs enable sharing of open financial data, aggregate data and transactional data, with transactional data requiring express customer authorization.
For innovation, the law provides temporary authorization for “Modelos Novedosos,” or innovative models. These authorizations allow financial services to be tested under conditions set by the competent financial authority. For non-regulated companies, the temporary authorization may last up to two years, with a possible one-year extension while the applicant pursues the definitive authorization, registration or concession.
Status and timeline
The law remains a central part of Mexico’s fintech and crypto-asset regulatory perimeter. The 2025 reform addressed procedural homologation linked to Mexico’s National Code of Civil and Family Procedures and included phase-in language for application of that reform, with an automatic backstop date of April 1, 2027 where the relevant gradual declaration is not issued. This profile is a legal-reference summary and should not be read as legal, tax, investment or compliance advice.
