Mexico’s LFPIORPI Article 17, Fraction XVI virtual asset AML regime is the federal anti-money laundering and counter-terrorist financing framework that treats specified virtual-asset services as Actividades Vulnerables. As of June 30, 2026, the regime is in force. The provision was added through the 2018 financial technology reform, became operative for virtual-asset activities in 2019, and was materially revised by the 2025 LFPIORPI reform.
Key provisions of LFPIORPI Article 17 XVI
Article 17, Fraction XVI covers the habitual and professional offering of virtual-asset exchange by persons other than financial entities when carried out through electronic, digital, or similar platforms that administer or operate the service, facilitate or conduct purchases or sales for customers, or provide means to custody, store, or transfer virtual assets. The current text also captures operations carried out with Mexican citizens from another jurisdiction.
The provision defines a virtual asset as electronically registered value used among the public as a means of payment for legal acts and transferable only through electronic means. It excludes Mexico’s legal tender, foreign currencies, and assets denominated in legal tender or foreign currency. The article also links certain authorization questions to whether Banco de México recognizes assets under Mexico’s Fintech Law.
Notice thresholds and reporting architecture
The current notice triggers are expressed in UMA. Covered virtual-asset activity is identified in all cases, while notices to the Secretaría de Hacienda y Crédito Público are triggered when a client or user operation equals or exceeds 210 UMA, or when the service consideration charged equals or exceeds 4 UMA. A 2026 amendment to the LFPIORPI Regulation clarifies that, where an operation meets both Article 17 XVI notice triggers, only the notice under the operation-amount trigger is filed.
- Covered providers are expected to register as persons conducting a vulnerable activity through the SAT-administered portal.
- Article 18 duties include identifying clients or users, collecting beneficial-owner information where applicable, preserving records, and submitting notices.
- The 2025 reform added a virtual-asset-specific duty to obtain, maintain, and make available precise information about the originator, recipient, and, where applicable, beneficial owner of virtual-asset operations, as detailed in general rules.
Status and timeline
The virtual-asset activity became an Article 17 vulnerable activity on September 9, 2019, according to Mexico’s official anti-money-laundering portal. SAT later advised that virtual-asset notices should be submitted from April 2, 2020, under the then-applicable 645 UMA threshold. The 2025 reform revised Article 17 XVI, reduced the operation notice threshold to 210 UMA, added the 4 UMA service-consideration trigger, and added cross-border wording for operations with Mexican citizens.
The 2025 decree generally entered into force on July 17, 2025, the day after publication. However, the decree’s transitory provisions state that new Article 18 obligations in fractions VII to XI enter into force on dates established by updated general rules. Editors should verify the latest SHCP, SAT, and UIF publications before treating those rule-dependent duties as fully operative.
Regulators and jurisdictional impact
The regime applies at the federal level in Mexico. SHCP is the competent administrative authority for the law, SAT maintains the vulnerable-activity registry and receives notices, and UIF is the financial-intelligence authority that uses the information for AML/CFT purposes. The provision is relevant to crypto exchanges, custodial wallet providers, transfer platforms, and similar non-financial virtual-asset businesses that fall within the statutory wording.
This profile is a legal-reference summary for editorial and research use. It does not provide legal advice, compliance instructions, tax advice, investment advice, or trading guidance.