April 29, 2024

Guide to FATF Travel Rule Compliance in Mexico

Guide to FATF Travel Rule Compliance in Mexico
  • Mexico is in the process of implementing the FATF Travel Rule.
  • The country has a stringent KYC process for crypto businesses, which consists of identity verification, customer due diligence, and transaction monitoring. 
  • Crypto service providers must also register and report high-value client transactions from the past six months to the country's 'AML Portal.'

Mexico, a North American country and one of the largest recipients of remittances globally, is experiencing growing crypto adoption. As per Chainalysis's 2023 Global Crypto Adoption Index, it ranks among the top 20 nations for grassroots crypto adoption.

On the regulatory front, the country lacks comprehensive crypto rules. However, it has strong AML/CFT regulations in place and is in the process of implementing the FATF Travel Rule.

Is Crypto Regulated in Mexico?

The purchase, sale, transfer, and custody of crypto assets are regulated under Mexico’s Fintech Law.

The country's main financial regulators, the National Banking and Securities Commission (CNBV), the Secretariat of the Treasury and Public Credit (SHCP), and the Bank of Mexico (Banxico), have clarified that financial institutions may carry out operations with crypto but only with prior authorization from the central bank.

Crypto Travel Rule in Mexico

According to the Financial Action Task Force (FATF), the country is progressing in enacting the rule for virtual asset service providers (VASPs) to comply with the Crypto Travel rule.

For now, the country has conducted a risk assessment covering virtual assets and VASPs, enacted legislation requiring VASPs to be registered and apply AML/CFT measures, and covers VASPs in its supervisory inspection plan.

Key Features

As a member of the FATF, Mexico is required to comply with the organization’s recommendations, which means the country's crypto sector must adopt the Crypto Travel rule.

Mexico has also designed its anti-money laundering (AML) compliance and Know Your Customer (KYC) requirements around FATF’s international standards in its fight against financial crimes.

Its comprehensive KYC program consists of three main components:

Identity verification (IDV) - Financial institutions are required to collect and verify their customers' personal information. Authorities mandate that businesses confirm their customers' identities to facilitate the identification of suspicious accounts and enable regulators to investigate and apprehend bad actors.

Customer due diligence (CDD) - Businesses perform multiple checks to verify their customers' identities and assess their risk profiles to gauge their potential involvement in money laundering. High-risk customers may be subject to additional scrutiny and enhanced security measures, or they may be denied services altogether.

Transaction monitoring - Businesses continuously monitor customer transactions for any signs of suspicious activity. This involves assessing customer information, transfers, deposits, and withdrawals. Businesses must also set alerts and establish policies that dictate the necessary actions to be taken.
Compliance Requirements

Transactions related to crypto assets are considered vulnerable activities under Mexico’s Anti-Money Laundering Legal Framework. This means businesses dealing with crypto must comply with the AML/CFT obligations.

According to this, businesses must identify customers for which the following information and documentation, at minimum, are to be requested:

- Name
- Date of birth
- Nationality
- Residential address
- Email address
- Phone number
- Taxpayer registration code

In case the customer is an organization, the business must obtain the following information and verify it:

- Name
- Nationality
- Email & physical address
- Phone number
- Date of formation
- Taxpayer registration code
- Serial number of advanced electronic signature

Beneficial owners are also required to be identified and verified in the same manner.

Impact on Cryptocurrency Exchanges and Wallets

In Mexico, crypto transactions by VASPs are considered a regulated activity. As a result, VASPs must register and submit details of clients involved in high-value transactions over the past six months to the 'AML Portal.'

VASPs must also draft a compliance manual, designate an officer for AML compliance, and employ a risk-based approach to assess AML risks.

Furthermore, these businesses are required to gather and maintain detailed transaction records for each client for the last six months. They must keep these records for at least five years and provide them to authorities when requested.

Moreover, during the client onboarding process, VASPs need to screen clients against lists provided by the Financial Intelligence Unit (FIU) and may also use other national and international lists to identify individuals linked to money laundering or terrorist financing.

While specific regulations for self-custodial wallets and decentralized finance (DeFi) platforms are not established in Mexico, they must still comply with general laws on consumer protection and personal data security.

Global Context

In August 2023, a study by the Latin American Financial Action Task Force claimed that Mexico is “leading the way” in Latin America’s adoption of the Crypto Travel Rule. Locally known as GAFILAT, the task force is an intergovernmental organization made up of 18 Latin American countries and is affiliated with the FATF.

According to the report, Mexico is far ahead of many other nations in adopting FATF’s Travel Rule guidelines, and it has “developed secondary regulations” to comply with the agency’s recommendations.

Meanwhile, FATF’s most recent report highlighting the jurisdictional implementation of VASP regulation and supervision for AML/CFT purposes stated that Mexico is in the process of implementing the FATF Travel Rule.

Concluding Thoughts

Although Mexico has yet to create a comprehensive regulatory framework, it focuses especially on combating money laundering and terrorist financing. These laws apply to individuals, businesses, and foreign firms operating in the country in an attempt to prevent crimes and ensure customer protection.

About Veriscope

‍Veriscope, the compliance infrastructure on Shyft Network, empowers Virtual Asset Service Providers (VASPs) with the only frictionless solution for complying with the FATF Travel Rule. Enhanced by User Signing, it enables VASPs to directly request cryptographic proof from users’ non-custodial wallets, streamlining the compliance process.

For more information, visit our website and contact our team for a discussion. To keep up-to-date on all things crypto regulations, sign up for our newsletter and follow us on X (Formerly Twitter), LinkedIn, Telegram, and Medium.