Garrigues Digital_

Legal innovation in Industry 4.0

 

Garrigues

ELIGE TU PAÍS / ESCOLHA O SEU PAÍS / CHOOSE YOUR COUNTRY / WYBIERZ SWÓJ KRAJ / 选择您的国家

Fintech: New general provisions regarding APIs in Mexico

APIs or application programming interfaces (APIs) are a set of protocols used to develop and integrate software applications. APIs are the technology that allows different applications to communicate with each other. That is why they are a key tool to simplify and make development and innovation more efficient. Due to their functionality, APIs have positioned themselves as the drivers of digital transformation in the financial sector.

On June 4, 2020, the National Banking and Securities Commission (CNBV) published in the Official Gazette of the Federation the General provisions regarding the standardized computer application programming interfaces referred to in the Law for the Regulation of Financial Technology Institutions", which became effective on June 5, 2020.

The Provisions were issued pursuant to Article 76 of the Law for the Regulation of Financial Technology Institutions, which requires Financial Entities, Financial Technology Institutions, entities operating under Innovative Models and money transfer providers, to exchange data through APIs in order to promote competition in the markets.

The Provisions regulate, inter alia, the following:

  • The regulated entities that must obtain authorization from the CBNV to operate APIs. The regulated entities may be:
    • Data Applicants: Entities requesting access to open data.
    • Data Providers: Entities required to establish APIs in order to share open data.
  • The requirements that must be met to obtain the authorization from CNBV for the establishment and operation of the APIs.
    • Data Providers shall have an information security policy, which protects the IT infrastructure that supports the operation of the APIs, as well as the confidentiality and integrity of the shared data.
  • The minimum infrastructure requirements for the operation of APIs.
  • To notify CNBV of information security incidents, as well as interruptions in access to information.
  • Procedure for the authorization and registration of the fees that the Data Providers intend to charge to the Data Applicants for the use of the APIs.
  • Regularization programs applicable to the entities that fail to comply with the Provisions. The regularization shall be implemented no later than 3 months following CNBV’s approval of the program.