Artificial Intelligence in Financial Services: Opportunities, Risks, and Regulatory Considerations in Mexico.

BANKING AND FINANCE / by Miguel Gallardo Guerra

The conversation aboutartificial intelligence in financial serviceshas evolved rapidly. Not long ago, AI was primarily presented as a tool for efficiency, automation, or predictive analytics. Today, while it remains all of those things, it has also become a matter of corporate governance, compliance, operational risk, and oversight. In the financial sector, this transition is particularly significant, because few industries rely as heavily on data-driven decisions, automated processes, and control structures as banking, fintech companies, and other regulated entities.

In Mexico, although there is not yet a comprehensive and autonomous sector-specific regulatory framework dedicated exclusively to financial AI, the regulatory authority has already shown clear signs of technological modernization. In its 2024 Annual Report, the CNBV publicly highlighted the promotion of projects related to cloud computing and the use of artificial intelligence as part of its institutional strategy. This reference is significant because it reveals that the technology is already on the regulatory radar—not only as a driver of private innovation but also as part of the regulatory framework’s own evolution.

For organizations in the sector, this means that the debate onAI and compliance in Mexicocannot be limited to asking whether a tool improves productivity. It must also address what data it uses, what decisions it supports, what biases it may amplify, what evidence it leaves behind, who oversees it, and how it integrates with existing controls. In areas such as onboarding, transaction monitoring, fraud prevention, scoring, customer service, or alert prioritization, the use of AI can generate significant efficiencies, but it can also amplify risks if there is no internal governance framework in place.

From a legal standpoint, one of the most significant challenges is to dispel the misconception that, in the absence of specific AI regulations, the issue falls outside the scope of compliance. In reality, even without a specialized sector-specific law, the implementation of these tools may involve areas that are already regulated: data protection, information security, internal control obligations, transparency toward users, auditing, anti-money laundering, and the management of technology third parties.

Therefore, the proper discussion is not whether AI should be used in financial services, but rather under what conditions it should be deployed. The institutions that will make the most solid progress are those that document use cases, define responsibilities, validate data quality, establish mechanisms for human oversight, and periodically evaluate the results generated by the models or tools used.

In the short term, competitive advantage will not lie solely in adopting artificial intelligence, but in adopting it within a regulatory framework. For banks, fintech companies, and specialized providers, this requires an interdisciplinary approach in which technology, legal, compliance, risk, and business teams work together on a common foundation. In the financial sector, AI can accelerate processes; however, its true value will depend on how well it is governed.