Amendments to the Regulations of the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin (AML Law): Key legal implications

Below is a summary of the changes, we consider the most relevant from a compliance and regulatory risk perspective:

1. Accumulated transaction notices: The transactions accumulation procedure is expressly established, taking into account only those transactions that exceed the identification threshold within a period of up to six months. Notices must be submitted at the time in which the last transaction is carried out that reaches or exceeds the reporting threshold, even if a period of six months has not yet elapsed.
2. Strengthened verification and sanctioning powers: The Financial Intelligence Unit (hereafter “FIU”) and the Tax Administration Service (hereafter “TAS”) may request information and documentation, directly or through electronic means, to verify compliance with the AML Law. Such requests must be responded within 10 business days, with the possible extension of up to 5 business days. Any comments from TAS must be addressed within 5 business days. Non-compliance with the requirements, such as incomplete information, may result in the prompt imposition of administrative penalties.
3. Enhanced identification of Politically Exposed Persons (“PEPs”): Financial institutions and those who carry out vulnerable activities in accordance with article 17 of the AML Law that cannot determine if a potential client is considered a PEP will be able to check with the FIU using the electronic systems set up for this purpose.
4. Regularization mechanism: the amendment sets out the procedure for express recognition provided for in the AML Law, whereby the TAS may, in certain circumstances and subject to compliance with the applicable requirements, refrain from imposing penalties To qualify for this benefit, those who carry out vulnerable activities must: a) submit a written statement to the TAS; b) outline all the breaches committed in the statement; c) declare on oath that the breaches have been rectified; and d) submit documentation to prove the compliance with the obligations that were subject of the breach. Additionally, they must comply with the general rules.
5. Establishment of specific criteria for those carrying out vulnerable activities, such as: a) games and prize draws; b) the issuance or trade of monetary instruments; c) the granting of loans and credit; e) the transfer of securities; f) service provision; and g) virtual assets.

The amendment to the regulations must be read in the context with the 2025 reform of the AML Law, which already provided key obligations, such as:

1. Mandatory registration;
2. Strengthening of the beneficiary owner framework;
3. Mandatory implementation of the risk-based approach;
4. Use of automated systems for transaction and client monitoring;
5. A minimum record-keeping period for 10 years;
6. Mandatory audits and employee training; and
7. Submission of 24-hour notices.

The amendments are in force since March 28, 2026.

Note that the publication of the general rules under the AML Law is still pending; these are crucial to fully harmonize the regulatory framework in this area. In this context, we recommend that those who carry out vulnerable activities review and, if necessary, update their compliance programs, including their policies and procedures manual, to ensure that incorporate customer identification records, controls on the accumulation of transactions, PEP identification processes, policies on data retention, and overall capacity to comply with regulatory requirements, in order to mitigate regulatory risks and potential penalties.

If you require further information or assistance with these amendments, the Hogan Lovells team is available to assist with any aspect of its implementation.

De Noriega O., Federico

Dominguez de P., Angel

Larrea, Guillermo

Quinzanos, Juan

Altamirano C., Jose Carlos

Vega, Dulce S.

Authored by Juan Quinzanos, Jose Carlos Altamirano, and Dulce S. Vega.