On Friday, March 27, 2026, the Decree amending, adding, and repealing various provisions of the Regulations to the Federal Law for the Prevention and Identification of Transactions with Funds from Illicit Sources ("LFPIORPI") was published in the Evening Edition of the Official Gazette of the Federation, which entered into force on March 28, 2026. The reform aligns the Regulations with the amendments to the LFPIORPI published in 2025 and substantially strengthens the supervisory and sanctioning framework for anti-money laundering and counter-terrorism financing.
The most relevant changes are highlighted below:
Article 2 now incorporates the concepts of "Reports," "List of Politically Exposed Persons," “Advanced Electronic Signature and "Public Faith Depositaries"— the latter now includes notaries, commercial brokers and now public servants vested with notarial authority by law, and both public and private facilitators under the General Law on Alternative Dispute Resolution (Ley General de Mecanismos Alternativos de Solución de Controversias).
Additionally, the regulatory definition of "Client or User" is repealed, as it will now be governed directly by the Law.
The Financial Intelligence Unit (UIF) will be able to issue the format for authorities to compile the List of Politically Exposed Persons (PEP) and will promote the coordinated implementation of specialized units for receiving and analyzing asset information among the States.
The Tax Administration Service (SAT) expands its powers to: (i) conduct verification visits at the taxpayer's tax domicile registered with the Federal Taxpayer Registry (RFC) when the obligated party cannot be located at its registered address; (ii) monitor compliance with audit report obligations and require the remediation of identified observations in internal or external audits, when obligated parties fail to comply within statutory deadlines; (iii) request the assistance of federal or local law enforcement, when circumstances so require, for the exercise of its powers; (iv) issue notifications of requests or information requirements electronically, in accordance with the general rules; and (v) require obligated parties to submit the audit report and corresponding supporting documentation evidencing the remediation of identified inconsistencies.
If a request from the FIU or the SAT is not addressed within ten business days—or within the five additional business day extension—the SAT will impose sanctions within a maximum of ten business days, without the need to exhaust the sanctioning procedure under the Federal Administrative Procedure Law. This represents a significant tightening compared to the prior regime, which did not expressly exclude such procedure.
The transaction date to be considered for identification and reporting purposes shall be the date established in the general rules for each Vulnerable Activity.
Regarding accumulation, transactions carried out with the same person must be considered over a period of up to six months; the corresponding report must be filed upon reaching or exceeding the applicable threshold, even if such period has not been exhausted.
Article 7 Bis is added, pursuant to which the 24-hour report required by the Law must be filed even when the transaction was not completed, provided that the data identifying the person who attempted to carry out the transaction is available.
This obligation will become effective once the official report forms are updated.
The minimum retention period for reports, notices, supporting documentation, and electronic acknowledgments increases from five to ten years. The same obligation applies to Collegiate Entities. The retention period will begin to run from transactions carried out as of July 17, 2025.
Article 12 Bis is added, which requires those who carry out Vulnerable Activities to obtain and retain an internal or external audit report, along with documentation evidencing the remediation of observations, which may be requested by the SAT.
Article 39 of the Regulations is amended to require those who carry out Vulnerable Activities to implement personnel selection processes and annual training programs.
Annual training must include, at a minimum: (a) the content of internal policies, criteria, measures, and procedures developed for regulatory compliance; (b) dissemination of the Law, the Regulations, the general rules and their amendments, as well as techniques and methods for preventing and detecting illicit transactions; and (c) the development of personnel selection processes and training programs for those assisting in filing notices.
It is clarified that those who cease carrying out Vulnerable Activities must deregister from the registry (padrón), with deregistration taking effect as of the date it is filed. If deregistration is not completed, registered parties must continue filing notices and reports.
This is particularly relevant in mergers and acquisitions where an entity ceases Vulnerable Activities following the closing of a transaction.
New Article 10 Bis allows the SAT to support its resolutions with information from its own databases, third parties, and consular offices. Information contained in digital tax receipts (CFDI) and SAT databases is presumed to be accurate, and certified copies shall have the same evidentiary value as originals.
Chapter Six Bis is created (Articles 45 Bis through 45 Quinquies). The PEP List is compiled by the FIU, and its content is subject to the General Transparency Law and the National Security Law. Financial Entities and those who carry out Vulnerable Activities may consult the FIU through electronic means to determine whether a person is a PEP, when they cannot make such determination themselves after identification and identity verification. The obligated authorities must update the information on the list within five business days following any change.
The reform introduces relevant adjustments to the treatment of various Vulnerable Activities: "linked transactions" in gaming and raffles is defined (325 UMA within 24 hours); the catalog of monetary value storage instruments is simplified; the moment of the transaction for loans or credit is moved to the actual disbursement of funds—no longer the signing of the contract; securities without intrinsic or stated value will always be subject to reporting; and duplicate reporting is eliminated when a transaction falls simultaneously under subsections a) and b) of Section XVI.
Agreements with the SAT and the FIU may not exceed ten years, and their renewal will be conditional upon satisfactory quality of reports and compliance with obligations. The obligation to implement personnel selection processes and annual training programs is added.
New Article 55 Bis regulates the self-disclosure mechanism provided for in Article 55 of the Law. The obligated party must: file a written statement with the SAT; specify all violations committed; declare under penalty of perjury that such violations have been corrected; and attach documentation evidencing compliance.
The reform requires immediate action. We recommend prioritizing the following measures:
At Mijares, we have extensive experience advising obligated parties on compliance with their AML/CFT obligations. We are at your service to answer any questions and support your organization in adapting to the new requirements.
The information contained in this Client Alert is for informational purposes only and does not constitute legal advice. For any related inquiries, please contact our Regulatory Compliance team.
Awards
.svg){kind=small}
