The Disposiciones de carácter general a que se refiere el Artículo 58 de la Ley para Regular las Instituciones de Tecnología Financiera are Mexico’s federal AML/CFT secondary provisions for regulated financial technology institutions, or ITFs. Published by the Secretaría de Hacienda y Crédito Público (SHCP) in the Diario Oficial de la Federación on Sept. 10, 2018, the provisions entered into force the next day, subject to transitional rules for reporting formats and implementation. As of June 30, 2026, this profile treats the instrument as in force, while noting later administrative measures affecting reporting channels.
Regulatory scope of Mexico’s Article 58 fintech provisions
The provisions implement Article 58 of Mexico’s FinTech Law, which requires ITFs to establish measures and procedures to prevent and detect acts, omissions, or operations that may relate to terrorism financing or money laundering offenses under the Federal Criminal Code. The official text states that the rules apply to accounts and contracts used by ITFs for regulated operations, whether opened directly or through authorized third parties.
The framework is aimed at institutions of collective financing and electronic payment funds, and may also apply to authorized innovative-model companies where their authorization makes the AML/CFT framework relevant. It is not a standalone crypto-asset market statute. Its crypto relevance comes from the treatment of “Activos Virtuales” within the AML/CFT controls imposed on ITFs.
Key obligations for ITFs
The provisions require ITFs to maintain a risk-based methodology covering products, services, customer types, geography, transaction channels, and technological infrastructure. The methodology must be implemented, reviewed, and updated when new risks arise or when the national risk assessment changes. The CNBV may review the methodology, order modifications, and request action plans.
Customer due diligence is central to the regime. ITFs must collect and maintain customer identification files, classify customers by risk grade, and apply enhanced measures where risk indicators arise. The framework also requires a Manual de Cumplimiento, annual training, an internal compliance structure, and audit or independent review of AML/CFT effectiveness.
Virtual asset reporting and recordkeeping
For these provisions, a virtual asset is an electronically registered representation of value used by the public as a means of payment and transferable only through electronic means, excluding legal tender, foreign currency, or assets denominated in legal tender or foreign currency. The text also limits covered virtual assets to those determined by Banco de México under the FinTech Law.
ITFs that conduct virtual-asset operations must retain the asset denomination or code, number of units, Mexican peso equivalent, and date of each operation. Article 74 requires quarterly reporting, within the first ten business days of January, April, July, and October, when a customer buys virtual assets with national currency or foreign currency, or sells virtual assets for legal tender, at or above the 7,500 UDI threshold.
Status, reporting formats, and 2026 simplification agreement
The 2018 transitional provisions made the general rules effective the day after publication, but tied the start of certain reporting submissions to official media and formats issued by SHCP or CNBV. SHCP/UIF issued official electronic formats in 2020 for compliance-officer, committee, and relevant, unusual, and internally concerning operation reports, and amended a field in those formats in 2021.
A CNBV administrative simplification agreement published on May 18, 2026, later eliminated several duplicate or obsolete CNBV filing homoclaves, including virtual-asset report trámites, citing Banco de México Circular 4/2019’s position on public-facing virtual-asset operations by financial institutions. The same agreement states that related Article 58 provisions and instruments should be adjusted within one year, and that the 2026 agreement governs until those updates are made. This profile should therefore be reviewed again before May 2027.
CryptoSlate editorial note
This profile covers the Article 58 AML/CFT provisions, not the full Mexican FinTech Law, not the CNBV operating rules for ITFs, and not Banco de México Circular 4/2019 as a standalone virtual-asset operations rule. It should be linked with Mexico, AML/CFT, Licensing & Registration, Payments, and Market Structure & Regulatory Perimeter taxonomy coverage.