For organizations to achieve an adequate digital transformation, it is key to know the guidelines that need to be adhered to to stay within the legal framework. This is the case of KYC (Know Your Customer), an essential strategy which is currently regulated by the National Banking and Securities Commission (CNBV).
The National Banking and Securities Commission (CNBV) is an independent body of the Ministry of Finance and Public Credit (SHCP) that regulates, supervises, and sanctions entities and sectors related to finance in Mexico. It is authorized to sanction individuals and companies that carry out activities regulated by the laws of the Mexican financial system, such as FinTech companies.
Let's review below what KYC means and what legal aspects fintech companies in Mexico must take into account in order to function without major inconveniences.
What does KYC mean?
KYC stands for Know Your Customer, and refers to the processes of a company through which the identity of customers is identified and verified, especially in the banking field.
Fintech companies globally have been adopting this concept as an essential part of their strategies more and more frequently, due to its relevance in identity control and money laundering (AML or Anti-Money Laundering).
Unfortunately, identity verification can be a huge challenge that requires a delicate balance between effort and teamwork, if you want to prevent fraud while allowing legitimate users easy access to your service, here we tell you how to achieve it efficiently.
Now, what is KYC (Know Your Customer)? It is an important element in the fight against financial crimes and money laundering, through the identification of the client as the main axis, since it is the first step for a better performance in the other stages of the process.

In fact, this practice not only complies with Mexican regulations, but with international ones linked to the highest security standards such as the Financial Action Task Force (GAFI) that now implement national laws that include strict directives such as AML 4 and 5 and preventive measures like this for customer identification.
The KYC policy is a mandatory framework for banks and financial institutions to validate the identity of their customers and prevent terrorist activities. It originated in Title III of the Patriot Act of 2001 in the United States and strengthened identity authentication procedures are implemented in the first stage of any business relationship to comply with international regulations against money laundering and illicit financing.
In November 2018, US agencies, including the Federal Reserve, encouraged banks to use sophisticated methods and artificial intelligence and digital identity technologies to identify suspicious activity.
So much so that by the end of 2020 a total global spending of approximately $ 1.2 billion for KYC and AML, an increase of 12.5% compared to the previous year.
Fintech companies in Mexico: everything you need to know about KYC and CNBV
This story began on August 29, 2017, when the CNBV published in the Official Gazette a series of changes whose purpose was to combat identity theft in the banking industry.
Then, in March 2018, the so-called Fintech Law was published, whose objective is to regulate the services of financial technology institutions, while in September of that same year the General Provisions were published (Article 58 of the Law Fintech), all aimed at making a better KYC record.
One of the most important regulations has to do with use of biometric data, especially fingerprint, allowing a more secure authentication of bank users, and seeking to avoid identity theft or fraud.
These are some of the essential provisions of the CNBV:
- It is the obligation of the credit institutions to previously validate, and in line with the INE records, the user's fingerprint. Only once this is regularized, users will be able to contract products and services, or carry out counter operations.
- It is also the obligation of the credit institutions to guarantee the integrity of the stored biometric information and to keep records of incidents of identity theft.
- For window operations greater than 1,500 UDIs (approximately 10,509 pesos, as of November 2021), specifically withdrawals and transfers, banks must verify the customer's fingerprint online with the INE database. It is possible to omit this validation, in which case the bank must repair the damage to the clients in no more than 48 hours after the claim.
- Institutions can integrate biometric databases of clients to substitute online verification with the INE. However, when populating the database for the first time, it must be validated with the records of said institute.
- If the previous step was complied with, when carrying out operations and contracting, banks will be able to use the database to authenticate their clients, without the need to carry out online verification with the INE.
- Finally, the CNBV leaves the doors open to innovation, as the provisions consider the possibility of authorizing future or eventual biometric authentication schemes, such as voice recognition, iris recognition, etc.
Some of the great advantages of implementing a correct KYC strategy and registration lie in increasing the security of financial institutions, complying with the law, safeguarding customer data and avoiding fraud, all of which translates into an optimization of the resources.

How to implement a KYC policy?
KYC (Know Your Customer) is a process used by companies to verify the identity of their customers, and may include the following steps:
- Client policy to establish the rules and procedures for identity verification.
- Collection of customer data and process of identification, verification and verification of politically exposed persons and sanctions lists.
- Evaluation and management of risks associated with clients.
- Ongoing monitoring and record keeping. The process may include verification of identity documents through a document reader and advanced document verification software.
Identity validation based on KYC (Know Your Customer) is carried out through different methods and technologies, security features and security controls. It may include the following stages or processes:
- Document Verification: Your government-issued identification document is checked for forgeries or other problems.
- Face Verification/Life Verification: Verifications are performed to ensure the live presence of the customer and to detect fraud attempts.
- Address Verification: The address on government-issued identity documents is verified against a proof of address (POA) provided by the customer.
According to Forbes, the increase in digitization in the financial institutions sector and the security they can offer makes them an important area of opportunity, the success of some cases has made the desire to change banks even less likely.
Although millennials are widely believed to prefer to conduct financial transactions virtually, the black swan event of 2020 (an unexpected, environment-changing tragedy), the global pandemic that forced many people to transition to online transactions and jobs remote, encouraged all age groups to bank online.
If you think your company needs user validation and authentication with Know Your Customer processes, get in touch with us and discover the benefits on your own. At Codster we will be happy to help you.