Stablecoins and Blockchain

Stablecoins and blockchain in Mexico: legal and operational guide

In brief

In Mexico there is no single answer for every stablecoin. Classification depends on the rights attached to the token, the function of each participant, the fiat and virtual-asset route, and the territorial connections. This guide organizes forty substantive microblogs into four dossiers: regulatory perimeter, operation, compliance, and contracts.

Five-layer map for the legal analysis of a stablecoin in Mexico.
Classification begins with functions, rights, and flow; the token's name does not replace the analysis.

Regulatory cutoff: July 9, 2026. The LRITF and LGOAAC consulted show a latest amendment of November 14, 2025; the LFPIORPI, of July 16, 2025; the CFF, of April 9, 2026; and the LFPDPPP, of November 14, 2025. Before publishing, the official sources must be reopened.

The four dossiers

The four dossiers. Columns: Dossier, Integrated microblogs, and Coverage.
Dossier Integrated microblogs Coverage
Legal nature and regulatory perimeter of stablecoins Topics 151–160 Legal nature, Ley Fintech, Banxico, LFPIORPI, and taxation
OTC operation, on/off-ramp, payments, and remittances with stablecoins Topics 161–170 OTC, on/off-ramp, payments, remittances, and dual model
KYC, Travel Rule, wallets, and traceability in stablecoins Topics 171–180 KYC, KYB, Travel Rule, wallets, PEP, lists, and alerts
Contracts, custody, settlement, and risks of stablecoins Topics 181–190 Contracts, ownership, custody, price, settlement, and exit

The legal decision in five layers

1. Digital unit

The first test asks how the representation of value is recorded and transferred, what the public uses it for, and whether it fits the applicable legal definition. A 1:1 reference to a currency does not automatically turn the token into legal tender or foreign currency.

2. Holder's right

It must be documented whether there is an identifiable issuer, who may demand redemption, which assets back the promise, who holds title to the reserves, and what happens in the event of a freeze, depeg, or insolvency. The contractual claim may require an analysis distinct from that of the token.

3. Service and flow

Each entity must be associated with concrete verbs: receiving funds, converting, safeguarding keys, exchanging, transferring, or delivering to a beneficiary. In payments and remittances, the money-transmission assessment is made on the actual flow and the consideration, not on the technological interface.

4. Compliance and evidence

The file combines identity, beneficial owner, purpose, origin and destination, wallets, accounts, alerts, and on-chain evidence. The SPPLD registration is not a commercial license, and the Travel Rule must distinguish between a current Mexican obligation, the GAFI standard, and a counterparty's contractual requirement.

5. Contract and exit

The contract must reproduce the operational flow: ownership, custody, price, prefunding, finality, incidents, third parties, privacy, termination, and return. A generic risk clause does not replace tested controls or an exit plan.

How to use this guide

Decision matrix before launching

The review should not begin by asking whether “stablecoins are regulated.” That question is too broad to produce a control. It is better to formulate verifiable decisions and assign each one an output document.

Decision matrix before launching. Columns: Decision, Control question, and Output evidence.
Decision Control question Output evidence
Asset What does the unit represent, how does it circulate, and what legal exclusion might apply? Token fact sheet, network, terms version, and article 30 conclusion
Issuer Who promises to redeem, who may demand it, and with what reserves? Matrix of rights, obligor, eligibility, reserve, and suspension events
Mexican entity Which company contracts, receives pesos, instructs, or delivers? Diagram by entity with associated accounts, systems, and contracts
Vulnerable activity Is there habitual exchange, custody, storage, or transfer? Matrix of article 17, section XVI, and obligations under article 18
Money transmission Are funds received in Mexico to transfer or deliver them upon instruction? Article 81-A Bis test by element and by participant
ITF or bank Does the operation belong to a regulated entity and require a determination or authorization from Banco de México? Perimeter opinion, applicable authorization, and product restrictions
Taxation What is the principal, the consideration, the income, the cost, and the moment of accrual? Bridge between contract, quote, CFDI or supporting document, accounting, and reconciliation
KYC and Travel Rule What data must accompany the originator, recipient, VASP, account, and wallet? File index, legal matrix by country, and control of missing data
Custody Who holds signatures, keys, or authorizations sufficient to move the asset? Matrix of access, multisignature, sub-custody, recovery, and audit
Settlement When is ownership transferred and when is a delivery considered final? Settlement states, DvP rule, confirmations, and treatment of failures
Privacy What data travels, for what purpose, to whom, and with what security? Data map, notice, contracts with processors, and analysis of transfers
Exit How are assets, funds, and data returned if a party fails? Tested runbook for termination, migration, insolvency, and communication

This matrix works as the cover page of the file. A “not applicable” answer also needs a basis, an author, a date, and assumptions. When two areas answer differently —for example, operations affirms that the company never receives funds, but treasury reconciles an account in its name— the contradiction is a finding, not a drafting detail.

Minimum documentary architecture

A solid product does not need an isolated memo, but a system of documents that are updated together. The central piece is the versioned flow diagram. It must show entities, users, bank accounts, wallets, liquidity providers, custodians, networks, currencies, assets, data, and jurisdictions. Each arrow must indicate what moves, on whose behalf, under what instruction, and with what evidence.

The second component is the perimeter matrix by function. Its rows are not brands or application modules, but verbs: issue, receive, hold a balance, exchange, safeguard, transfer, deliver, quote, reconcile, and report. For each verb, an entity, a legal basis, a contract, a control, and a conclusion are assigned. This structure prevents one company's license from being used as an explanation for the entire group.

The third is the inventory of the holder's rights. It must distinguish ownership of the token, a claim against the issuer, access to redemption, priority over reserves, and the consequences of a freeze. Two users of the same asset may have different rights if one accesses the issuer directly and the other only holds a contractual balance against a platform.

The fourth is the fiat-on-chain reconciliation ledger. The operation must link order, identity, source account, quote, fee, hash, network, destination wallet, credit or delivery, and final balance. Systems may distribute this information, but the file needs a common identifier. Orphan entries, manual returns, and wallet changes deserve an exception flow and an approver.

The fifth is the matrix of preventive obligations. It includes registration and updating on the register where applicable, identification, beneficial owner, retention, notices, originator and recipient information, training, audit, and governance. It must distinguish between a current legal obligation, an international standard, an internal policy, and a third party's requirement; mixing those categories produces controls that are impossible to explain.

The sixth is the contractual package: terms with the client, mandate or commission, banking agreements, liquidity, custody, technology, data, and intercompany services. All must tell the same story about ownership, receipt, execution, price, liability, and exit. If a provider changes its model without updating the contract, a gap opens that must be resolved before continuing.

The seventh component is the register of decisions and exceptions. It must preserve the question, the facts, the source, the analysis, the approver, the date, the validity period, and the review trigger. A screenshot or a message saying “approved” is not enough. A useful exception contains a limit, a term, a compensating control, and a closing condition.

Review route by stage

Stage 1: discovery

Product, treasury, operations, technology, privacy, and legal separately describe the flow they believe exists. The differences become questions. The team inventories the issuer's terms versions, admitted networks, accounts, wallets, providers, and countries. At this stage no classification is promised: the version of the product to be analyzed is fixed.

Stage 2: perimeter and viability

The tests of LRITF, LFPIORPI, LGOAAC, taxation, and privacy are applied by function and entity. For foreign corridors, local analysis is obtained where necessary. The result is not only “viable” or “not viable”: it must indicate operating conditions, excluded activities, authorizations or registrations, prior controls, and questions that prevent moving forward.

Stage 3: control design

Each obligation is converted into a system or procedure requirement. Examples: a wallet cannot be activated without a link to a file; a quote expires automatically; an operation is not executed with mandatory data missing; a return goes only to a verified source; and an alert prevents settlement until a decision exists. The control must specify owner, evidence, exception, and test.

Stage 4: contracting and testing

Contracts are reviewed against the final diagram and not against a commercial presentation. Normal cases and failures are tested: wrong network, incomplete credit, price outside the window, provider unavailable, missing Travel Rule data, a match on lists, depeg, and termination. The product only moves forward when operations can produce the evidence that the memo and the contract assume.

Stage 5: operation and change

After launch, the review is fed by reconciliations, alerts, incidents, complaints, returns, regulatory changes, and provider performance. Each version of the product keeps its entry date, approvers, and documents. The change committee must know which events reopen the opinion before deploying.

Scenarios that require reopening the analysis

  • New asset or new network. The issuer's terms, confirmations, freeze risks, custody, and technical evidence change. Equivalence must not be assumed just because two tokens maintain the same reference.
  • Change of issuer or reserves. A change in obligor, backing composition, audit, eligibility, or redemption alters the matrix of rights and the insolvency risk.
  • New entity or account. Receiving or settling from another company may shift regulated functions, tax liability, privacy, and reconciliation.
  • New custody or sub-custody. Key control, access, recovery, incidents, ownership in transit, and dependence on third parties change.
  • New liquidity provider. License, jurisdiction, prefunding, netting, limits, return, and exit plan must be reviewed.
  • New international corridor. It reopens licenses, Travel Rule, data, sanctions, taxes, payment methods, claims, and contractual enforcement.
  • Different fee or spread. It affects transparency, quote acceptance, accounting, VAT, income, and reconciliation.
  • Change in captured data. Incorporating biometrics, wallet analytics, or a foreign provider requires reviewing purpose, notice, security, and transfer again.
  • New marketing or target audience. Offering the product to consumers, residents of another country, or non-professional users may modify the perimeter and the disclosure obligations.
  • Incident, depeg, or issuer restriction. The actual response reveals whether ownership, risks, communication, return, and continuity were correctly assigned.

Frequently asked questions for management

Is a 1:1 backed stablecoin always outside the definition of virtual asset?

No. The reference and the backing are product data, but the conclusion requires applying the legal elements to the use and transfer of the unit, in addition to studying the claim against the issuer. The file must avoid both automatic classification and automatic exclusion.

Does registration with SPPLD allow the company to advertise that it is authorized?

It must not be presented that way. The registration is an administrative obligation of the preventive regime; it does not by itself amount to a financial license or an endorsement of the model. Advertising must precisely describe the status of each entity and service.

Does contracting a money transmitter resolve the fiat component?

Only with respect to the functions that transmitter performs within its registration and contract. The company must review who receives funds, who gives instructions, who converts, who safeguards, and who delivers. The rest of the stack keeps its own analysis.

Is a blockchain hash sufficient evidence?

Not on its own. It must be linked with network, asset, addresses, date, block, order, client, quote, bank account, analysis, and decision. Without context, the hash proves a technical transaction, but not necessarily the complete legal operation.

Does the Travel Rule apply the same in all countries?

No. There is an international standard, but its incorporation, subjects, thresholds, data, and supervision vary. In addition, a counterparty may require data by contract. The matrix must separate those three sources and document what happens if information is missing.

Does a non-custodial wallet eliminate the operator's liability?

Not automatically. It reduces or modifies key control, but the operator may still exchange, transfer, receive funds, or facilitate the operation. Address control, identity, traceability, and the remaining functions must be tested.

Is it enough to warn that transfers are irreversible?

The warning is only one layer. Network and address validation, dual approval where appropriate, rules for ambiguous data, fraud prevention, and an incident protocol that preserves evidence and communicates real options are needed.

How is the analysis kept from becoming obsolete?

Each conclusion must have a date, a product version, sources, assumptions, an owner, and reopening triggers. Periodic review does not replace change control: a material change may require immediate analysis, even if the annual review is still far off.

Editorial limits

This content is general. It does not state that every stablecoin is automatically a virtual asset, foreign currency, electronic payment fund, or financial instrument; nor that every foreign VASP is subject to the same obligations. Tax, territorial, and authorization conclusions require facts, regulatory versions, and specific advice.

Next step

SVA.LAW can review Stablecoins and blockchain in Mexico: legal and operational guide within the specific model and turn the Stablecoins and Blockchain analysis into decisions, owners, and implementation evidence. Start a conversation.

Editorial route

Legal nature, Ley Fintech, Banxico, LFPIORPI, and taxation

Legal nature and regulatory perimeter of stablecoins

Legal nature and regulatory perimeter of stablecoins | SVA LAW guide on regulatory decisions, operational controls, and evidence in Mexico.

KYC, KYB, Travel Rule, wallets, PEP, lists, and alerts

KYC, Travel Rule, wallets, and traceability in stablecoins

KYC, Travel Rule, wallets, and traceability in stablecoins | Practical SVA LAW guide to identify the decisions, controls, and evidence applicable in Mexico.