Konsentus Powering Trust in Open Ecosystems

Five years of Open Banking in Mexico, or is it?

It has been five years since Mexico passed its Fintech Law, whereby a regulatory regime for open banking was introduced.

The overarching goal was to cement the North American country as one of the most advanced fintech ecosystems in the region. But how has the market developed over the last half-decade? Has it been successful in being the fintech hub of North America?  

What is the Fintech Law? 

The Fintech Law was enacted in 2018 – a moment that gave citizens, businesses and industry the opportunity to celebrate the advent of innovation and provide a way towards financial inclusion in a country where only 37% of adults own a bank account and just 32% have made or received a payment digitally. 

In addition to addressing activities and business models that fit poorly in the existing regulatory framework, the Fintech Law aims to:

  • promote financial inclusion
  • provide legal security to technological financial services users
  • trigger greater competition in the financial services market
  • increase the number of participants in the financial sector
  • prevent money laundering activities through electronic means
  • regulate the transactions with digital assets in Mexico

The Fintech Law set in motion the regulation of two types of companies: electronic payment institutions (EPIs, or what other countries call “electronic money issuers”) and crowdfunding institutions. The law covers only these two types of fintech companies from the universe of fintech players that are still not addressed by the Mexican regulatory system. It does not provide regulatory guidance for other technology-enabled innovations in financial services, such as fintechs offering balance sheet lending, big tech companies launching financial services, investment services other than crowdfunding, or central bank digital currencies.

The Law also enshrined that financial institutions, money transmitters, credit information entities, clearing houses and FTIs must establish standardised application programming interfaces (APIs) to enable connectivity and access by third parties. The information to be shared is open financial data, aggregated data and transactional data.

The law provided a degree of certainty, which is reflected in the more than one hundred requests for authorisation received by the regulator since 2018.

The journey since 2018

Beyond the initial excitement and a first phase of open banking that focused purely on exposing ATM and branch data, progress towards a comprehensive framework for interoperable data sharing has been minimal. Five years later, Mexico is still in the implementation phase of the rules on the use of open banking. Regulators still need to define standards for sharing transactional data so that open banking can really take off in the country, or at the very least allow an industry consortium to define the relevant standards.

Compared to other national open banking ecosystems that started implementation at a later date, Mexico is being surpassed. Others in the region, chiefly Brazil, but also Chile and Colombia, are starting to eclipse Mexico. The aims of the Fintech Law regarding open banking, with the promise of promoting more competition, innovation and inclusivity, have fallen short.

Why has open banking been so elusive?

The easiest option would be to blame the regulators, and while they definitely should be more proactive, we see a similar pattern across regions where supervision may conflict with policymaking. Institutional boundaries between different regulators often lead to inertia. Markets where there is a clear ‘owner’ of open banking, e.g. Banco Central do Brasil, are able to make speedier progress. Policymaking needs to be followed up with resolute commitment and drive towards implementation. Other markets with similar needs to Mexico, such as Brazil and India, have made that commitment.

Open banking requires collaboration between the different stakeholders, public and private; it requires consensus on various vital topics, including security, data protection and dispute resolution to name a few. Centralised decision-making on these issues drastically reduces time and cost to market. We have seen in other markets, where a more fragmented approach is adopted, innovation has been stifled and customer benefits suffocated. Mexico needs an answer to this, and quickly. A recent civil lawsuit by a Mexican citizen has been filed for infringement of their constitutional rights to fair data access. The significant delays in issuing secondary legislation to support open banking have opened the door to such challenges.

Mexico also lacks cyber-security legislation. Guidelines are provided at industry level but there is a lack of substantial legal positioning. Some in the industry have used this as a barrier to progress in the open banking space. However, Mexico needs to focus on what it can do to move the needle in the absence of this secondary legislation or cyber-security legislation. Mexico ranks second among the Latin American countries with the most cyber-attacks. Rightly, consent, compliance and data management are all of paramount importance. However, all sides of the industry can come together to solve these issues.

How is the industry preparing?

While everyone is knocking on the regulator’s door for the much-needed secondary regulation, innovation is not stopping. The industry is preparing for what lies ahead. With more than 650 fintechs already established in Mexico, 1.4x the number in the UK, the leading fintech hub, there is significant opportunity to unlock endless customer benefits. But it is not just fintechs who are preparing: forward-thinking banks have been creating digital twins – Hey Banco by Banregio, Open Bank by Santander and Bineo by Banorte, to name a few. International neobanks such as Nubank and Uala, two of the largest in Latin America, are also starting to enter the Mexican market and clearly see significant opportunity. HSBC has also noted that it will leverage open banking to provide enhanced credit risk analysis and payment services. Citibanamex also decided back in 2021 to launch its Open Data API as a first step towards open banking.

But in the absence of secondary legislation, or a clear path outlined by the regulator, no one is willing to go ‘all-in’.

Mexico as fintech hub of North America

Mexico has a potential role as fintech pioneer across North America. With Mexico part of NAFTA, the North American Free Trade Agreement, and with a sizable migrant population north of the Rio Grande, the value open banking can bring is extensive. Mexico can play an active role in developing cross-border frameworks both in open banking and in instant payments. These frameworks can be applicable not only north but also south into Central America, as well as Latin America more broadly. There is a great opportunity for Mexico to be a regional pioneer. As the United States seeks to near-shore many capabilities due to the geo-political situation with China, there is strategic interest for Mexico.

So, what’s next?

For the original policy objectives to be met, progress needs to be made in various areas:

1) a governance structure under the scope of the CNBV needs to be developed with participation of all stakeholders;

2) a commercial model needs to be defined at the ecosystem level incentivising data sharing and innovation;

3) technical specifications for interoperable APIs must be detailed with emphasis placed on quality, reliability and performance;

5) a trust framework is needed for the secure exchange of data, reliable party recognition as well as cost-effective onboarding;

6) payment initiation orchestration, while out of scope of the secondary regulation and in the hands of Banxico, should be aligned with its infrastructure to achieve its full benefits.

Some of the challenges faced today require public-private partnership and the need for open and transparent collaboration. Participants need to come together in a forum, neutral to their sometimes-conflicting agendas, designed to support the regulator in setting balanced rules. When you look at the most successful open banking ecosystems, a version of this has nearly always been in place.

The Mexican market also needs to reconcile its open banking dreams with the cyber-security challenges that it faces. There is no doubt there is a need to address the pressing risks that come with increased digitisation. Legislation and regulatory certainty are important but are only one piece of the puzzle. There are practical methods that can often be far more effective. Strong regulatory accreditation processes, trust platforms to support identification and verification of third parties, modern customer authentication methods and broad consumer education can all act as a robust foundation for risk mitigation in support of open banking.

It is clear that without a plan, Mexico’s open banking hopes will only ever be just that. The regulator must play its part and provide the clarity that the industry so urgently needs. However, the industry too must identify the opportunities that open banking brings and work together to achieve them or risk being overshadowed by more innovative neighbours. Both the Mexican fintech community and incumbent players hold the future in their hands, and the time to act is now.
