by Fernanda Curti
3 minutes • • November 26, 2024

CNBV Regulatory Changes: Finding Balance Between Security and User Experience

Illustration of scales with padlock on left and computer cursor on right - part of new CNBV regulatory changes in Mexico blog

Fraud is on the rise, and regulatory changes are here to help. Recent updates from Mexico’s Comisión Nacional Bancaria y de Valores (CNBV) aim to tighten fraud prevention measures for credit institutions. These changes arrive at a critical time, as scams and fraud have cost Mexicans an alarming 293 billion MXN. To navigate this evolving landscape, institutions need clear strategies to protect customers, reduce risk, and comply with the CNBV’s new guidelines.

This article breaks down the key regulatory changes and offers actionable insights to help financial institutions strengthen fraud management while meeting compliance requirements.

What Do the New CNBV Regulations Mean for Banks and Fintechs?

On June 14, 2024, the Comisión Nacional Bancaria y de Valores (CNBV) introduced updates to the general provisions governing credit institutions, aiming to redefine fraud prevention in Mexico. These regulations are designed to strengthen internal controls, provide legal clarity, and enhance customer trust.

Among the critical changes is the requirement for banks to define “observable behaviors for fraud management” and implement stricter authentication measures. The CNBV’s goal is clear: protect customers, reduce fraud risks, and ensure financial institutions are held accountable for lapses in fraud prevention. 

GASA Scams Report: Mexico

Mexico Loses 293B MXN to Scams Each Year Mexico currently bears the unfortunate distinction of suffering from one of the […]

Learn More

5 Key Changes and Actions FIs Must Take to Comply with CNBV

1. Define ‘Observable Behaviors for Fraud Management’

The behaviors are classified into two categories: 

  • Internal fraud: Fraud committed by employees using privileged access or altering records
  • External: Scams like impersonating customers, stealing credentials, or faking institutional identities.

These behaviors must be detected, prevented, and addressed swiftly to mitigate losses and protect customers.

2. Fraud Prevention Management Plan

Institutions must create and implement a plan with guidelines, methodologies, and minimum actions for the prevention, detection, and timely response to fraud. This plan must be approved by management and submitted to the CNBV.

3. Strengthen Internal Controls

Boards and management teams must take an active role in fraud prevention by implementing codes of conduct, designating responsible parties, and ensuring compliance with the new framework.

4. Establish User Transaction Amounts

Institutions must allow customers to define transaction limits. Any transaction exceeding these limits will require two-factor authentication (2FA). Non-compliance with these measures leaves banks liable for financial losses resulting from fraud.

5. Enhance Claims and Information Sharing

Minimum guidelines are set for institutions to make transparent processes for reviewing and resolving user claims, including informing users of avenues to file complaints with authorities.

Infographic illustration outlining how Mexico’s New CNBV regulatory changes require Credit Institutions to Detect, Prevent, and Mitigate certain Behaviors Infographic illustration outlining how Mexico’s New CNBV regulatory changes require Credit Institutions to Detect, Prevent, and Mitigate certain Behaviors

Why Customer-Specific Transaction Amounts are Critical

Setting transaction limits is a game-changer for fraud prevention. By analyzing individual user behavior, banks can tailor limits that reduce false positives and improve the customer experience. 

Advanced fraud detection models can:

  • Personalize transaction limits based on user activity.
  • Provide real-time alerts for unusual activity.
  • Automate decision-making to reduce operational costs. 
  • Protect users while maintaining a seamless experience. 

What Are the Main Risks of Non-Compliance with CNBV Regulations?

Failing to meet the new CNBV requirements exposes institutions to significant risks, including:

  1. Sanctions: Non-compliance will result in penalties per applicable laws.
  2. Increased Fraud Risk: Lack of regulatory controls could increase exposure to fraud and financial losses. 
  3. Eroded Trust: Ultimately, customers may lose confidence in institutions that fail to protect them. 

Key Deadlines for Implementation

The resolution went into effect on June 15, 2024. Transitional deadlines for credit institutions to meet the new requirements are:

Multiple Banks:

  • Fraud management plan submission: 180 days to submit the first fraud prevention management plan.
  • Plan Implementation: 10 months to implement the plan and comply with the new regulations.
  • Establishment of Users’ Transaction Amounts: 16 months to establish the User’s Transaction Amount.

Development Banks:

  • Fraud management plan submission: September 30, 2025
  • Plan Implementation: January 2, 2026
  • Establishment of Users’ Transaction Amounts: July 2, 2026

The Bottom Line

The CNBV’s regulatory changes are a significant shift in Mexico’s fight against fraud. By embracing these measures, credit institutions can enhance their defenses, meet compliance standards, and create a safer financial environment for customers.  

AI-powered fraud prevention solutions, such as machine learning and real-time analytics, offer a path forward for institutions to manage risk, automate fraud prevention, and improve customer experiences. Now is the time to act—not just comply, but to be the leader in fraud prevention innovation. 

All expertise and insights are from human Feedzians, but we may leverage AI to enhance phrasing or efficiency. Welcome to the future.

Page printed in December 28, 2024. Plase see https://www.feedzai.com/blog/cnbv-regulatory-changes-finding-balance-between-security-and-user-experience for the latest version.