Introduction to the New Regulatory Measures
In an effort to bolster anti-fraud guidelines within Mexican banking institutions, the National Banking and Securities Commission (CNBV) is implementing one of its most ambitious regulatory measures in recent years. This new regulation mandates that banks enhance their controls to prevent and investigate fraudulent activities targeting their clients.
Background: Rising Fraud Concerns
According to data from the National Commission for the Protection and Defense of Financial Users (CONDUSEF), between January and September 2024, there were 4.9 million complaints from bank clients, with 73% related to potential fraud.
Regulatory Response: Strengthening Fraud Prevention
In response to these alarming figures, the CNBV published new regulations in June 2024, aiming to bolster banks’ fraud prevention, detection, and timely response capabilities.
Key Aspects of the New Regulation
Experts in banking regulation, Samantha Beltrán and Rafael Valencia, outline the initial steps of this regulation: the creation and submission of a Fraud Management Plan. This plan must cover robust internal controls for fraud prevention and detection, client identity verification, monitoring of unusual transactions through automated systems, internal training, and audits.
The regulation establishes minimum guidelines for fraud prevention management plans, specifying internal actions and controls financial institutions must implement to mitigate fraud risks.
New Figures and Roles Introduced
The new regulations introduce figures such as the security officer, fraud management committee, fraud prevention responsibility holder, detection system, communication channels, digital identification operations, among others.
Targeted Conducts
Mary Pily Loo Castillo, Director General of Operational and Technological Risk at CNBV, explained that the regulation’s purpose is to establish guidelines for detecting, preventing, and investigating specific conducts like identity theft, data theft, institutional impersonation, misuse of privileged information, malware attacks, and false check emission.
“We’ve identified instances where unauthorized individuals obtain clients’ sensitive data through phone calls. The regulation mandates investigating how these individuals acquired such privileged information,” Loo Castillo stated.
Implementation Timeline
The new rules set deadlines for implementing the regulations. For example, banks had until December 2024 to submit their fraud prevention management plans and until April 2024 for implementation.
Additionally, these obligations require financial institutions to adapt their branches for customer security enhancements by October 2024, installing security barriers.
Another aspect involves implementing an interbank communication channel for sharing information about employees suspected of fraud, effective from October 1, 2024.
Impact on Bank-Client Relationships
Starting October 1, the new regulation will affect banks’ relationships with their clients by introducing the User Transaction Amount concept. Initially determined by the user, this amount will aid in detecting transactions deviating from typical usage patterns and prevent potential fraud.
This regulation applies only to multiple and development banking, with implementation deadlines extending until 2027.
