04 Jun CNBV issued the data exchange process through the use of APIs.
June 4, 2020 – Fintech Law in its article 76 establishes the obligation for financial entities, money transmitters, credit information companies, clearing houses, financial technology institutions and companies authorized to operate with novel models, to establish APIs (application programming interface ) that enable the connectivity and access of other interfaces to share information.
As a result, the CNBV issued the General Provisions related to the standardized computer application programming interfaces referred to in the Law to regulate financial technology institutions, which regulate: i) the participation of applicants and data providers, ii ) rules for authorization by the CNBV to access the data of the different data providers to whom it requests access through said APIs, considering 3 annexes for the above, iii) the process to be followed by the applicants data and the consideration that must be paid for the data exchange, iv) the data that can be shared, which in this first phase is only covered by ATMs (location and services offered), v) the requirements that must be met the infrastructure of data providers to share information, vi) minimum requirements of the information security policies of the providers data, which protects the own infrastructure or that of third parties, as well as the confidentiality and integrity of data that is shared through APIs, vii) security guidelines for open data, viii) rules for the interruption of access and exchange of information, as well as the process to follow to notify the authorities, and ix) the requirements of the regularization programs that must be observed in case of non-compliance.
These rules will enter into force on June 5, 2020, one day after their publication in the Official Gazette of the Federation.
Jurisdictions affected: Mexico
For more information, visit Secretaría de Gobernación.