Amendments to the LFPIORPI Regulations: Key Changes for Regulated Entities

On March 27, 2026, the Decree amending, supplementing, and repealing various provisions of the Regulations of the Federal Law on the Prevention and Identification of Transactions Involving Proceeds of Crime (“Regulations”) was published in the Official Gazette of the Federation .

The reform took effect the following day and is primarily intended to align the 2013 Regulation with the 2025 amendment to the LFPIORPI, incorporating more detailed operational rules and strengthening the supervisory framework applicable to those engaged in Vulnerable Activities.

Although the decree amends a considerable number of articles, its practical impact can be summarized in a few key areas:

• Strengthening of authority.
• New rules for notifications and batch processing.
• Increased documentation and audit requirements.
• Specific regulations regarding politically exposed persons. 
• Operational adjustments for regulated entities and specific sectors.

1. The SAT's oversight capacity is being strengthened

One of the most significant changes in the reform is the explicit strengthening of the SAT’s powers under the regime applicable to Vulnerable Activities. The Regulation no longer merely designates it as the authority responsible for receiving notices or maintaining the registry, but rather specifies in greater detail its powers to verify compliance, request information, conduct and resolve penalty proceedings, issue electronic notifications, and request audit reports and evidence of compliance.

This point is important because, although the 2013 Regulation already recognized several of these powers, the 2026 reform expands their scope of application and makes them more explicit, particularly with regard to audit oversight, follow-up on observations, and reporting mechanisms.

• Response Deadlines: Upon receiving a request for information, regulated entities must respond within ten business days, with an extension of up to five business days if requested within the original deadline.
• Notice of Findings: Following the review, the SAT will issue a detailed notice and grant five business days to submit evidence refuting the findings.

In addition, the inclusion of Article 10 Bis strengthens the tax authority’s evidentiary position by allowing the SAT to base its decisions on case files, documents, databases, and other information to which it has access, including that contained in digital tax receipts issued online (CFDI), the accuracy of which may be presumed.

2. Change the operational logic of the alerts

The reform also provides greater clarity on how transactions or operations should be identified and reported. Specifically, Article 6 clarifies that, when determining the amount or value of a transaction, taxes and surcharges should not be included; however, when filing the Notice, the total amounts actually paid must be reported, including those items, without the need for a breakdown.

In addition, there is a significant amendment to Article 7. While the previous Regulation already provided for the aggregation of transactions over a six-month period, the amendment specifies that the Notice must be filed as soon as the last transaction causes the relevant threshold to be reached or exceeded, even if that period has not yet ended. It also clarifies that if an activity does not have minimum identification thresholds, all acts or transactions shall be considered Vulnerable Activities and shall be subject to aggregation.

The practical implications of this change are clear: it requires regulated entities to review their internal monitoring mechanisms to ensure that the notification is triggered at the appropriate time, rather than waiting until the end of the reporting period.

3. The 24-hour notice is expressly included

Among the most notable changes in the decree is the addition of Article 7 Bis, which governs the 24-hour notice requirement. Under this provision, the notice must be filed even if the act or transaction does not ultimately take place, provided that information identifying the person who attempted to carry it out is available.

This change confirms that the reporting requirement is no longer limited to completed transactions but may also apply to attempted transactions in the cases provided for by law. However, the decree itself clarifies in its transitional provisions that the practical implementation of this obligation will depend on the updating of the relevant official forms.

4. The administrative burden increases, and the audit process becomes more formalized

Another significant change is the extension of the document retention period. Article 20 now requires that copies of notices and reports, their supporting documentation, and the corresponding electronic acknowledgments be retained, either physically or electronically, for a period of no less than ten years.

This is a significant change from the 2013 Regulation, which established a general five-year retention requirement. The reform not only extends the retention period to 10 years but also expands the scope of documents that must be retained, thereby strengthening the expectation of traceability and the availability of evidence in response to requests from regulatory authorities.

Similarly, the new Article 12 Bis establishes the obligation to obtain and retain the report resulting from an internal or external audit, as well as documentation verifying the correction of any observations or inconsistencies identified during that process. This information must be provided to the SAT upon request.

In practical terms, this means that compliance is no longer limited to filing notices; it also requires retaining supporting documentation that verifies the resolution of any inconsistencies or deficiencies identified during audits.

5. A specific regime is established for politically exposed persons

One of the most important aspects of the reform is the addition of Chapter Six Bis, which pertains to the List of Politically Exposed Persons. The Regulations now define this list, govern its compilation by the FIU, and establish the framework for consulting it in specific cases.

In particular, entities engaged in Vulnerable Activities may consult the FIU when, after identifying and verifying their customer or user, they are unable to determine whether that person is a Politically Exposed Person. Such consultation may only be made for the purpose of continuing to comply with their legal obligations.

This point must be understood carefully. The reform does not establish an open consultation process or allow for the unrestricted dissemination of information, but rather creates a regulated mechanism subject to conditions of confidentiality, discretion, and technical guidelines. It also stipulates that the information on the list must be updated by the relevant authorities within five business days of any change.

6. Operational requirements for regulated entities are adjusted

The reform stipulates that, for registration with the SAT, trusts and legal entities must use the Advanced Electronic Signature associated with their own Federal Taxpayer Identification Number (RFC).

In addition, the Regulation updates the rules regarding the date of an act or transaction, referring that determination to the general rules applicable to each activity and specifying specific cases applicable to notaries.

With regard to due diligence, the decree maintains the option of applying simplified identification measures for low-risk customers and provides that general rules may establish exceptions regarding the identification of the Controlling Beneficiary. However, the specific implementation of these provisions continues to depend largely on secondary regulations.

7. The reform also introduces significant changes in specific sectors

In addition to structural changes, the decree includes specific provisions for certain sectors and activities. These include:

• Games and Sweepstakes: New rules regarding linked transaction series, classifying transactions as "Vulnerable Activity" when the total value of transactions is equal to or greater than 325 times the UMA within a 24-hour period.
• Financial Instruments: Update to the treatment of vouchers, coupons, and e-wallets, eliminating the thresholds of 645 minimum wages that were in place in 2013.
• Notaries Public: Requirements to provide more detailed information regarding the amount, date, method of payment or deposit, and currency used, as well as clients’ statements regarding such payment methods.

These adjustments show that the reform aims not only to strengthen oversight in general, but also to close operational gaps in specific activities.

8. Voluntary Compliance Procedure and Penalty Relief

In addition, Article 55-A of the Regulations is hereby incorporated, which governs the procedure by which obligated parties may access the benefits set forth in Article 55 of the Law (reduction or waiver of penalties) through the express acknowledgment of noncompliance. This procedure requires the submission of a written statement to the SAT, signed by the obligated party or its legal representative, in which:

• Clearly and precisely detail the violations committed, as well as the transactions and time periods involved;
• Declare, under oath, that the aforementioned deficiencies have been corrected or remedied;
• Please attach documents proving full compliance with the obligations that were not met.

The article also clarifies the initial timeframes for the verification procedure (five days) and the penalty procedure in accordance with the Federal Administrative Procedure Act, thereby establishing a clearer operational framework for voluntary compliance. The effective application of this benefit is subject to the guidelines to be issued by the authority through general regulations.

Additional Transitional Provisions

It is important to note that for transactions carried out on or after July 17, 2025, those required to file reports for activities covered by Article 17, Section XII must apply the new reporting threshold or scenario. Furthermore, the official forms in effect as of July 17, 2025, must continue to be used until the Financial Intelligence Unit (UIF) publishes its updates.

Conclusion

The amendment to the LFPIORPI Regulations represents much more than a technical update to the 2013 text. Its actual effect is to bring into force several of the obligations introduced by the 2025 legal reform and to raise the compliance standards required of regulated entities.

The most significant changes focus on expanding the SAT’s supervisory authority, establishing more precise rules for filing notices, strengthening document retention and audit requirements, formally incorporating provisions regarding Politically Exposed Persons, and implementing various operational adjustments that will directly impact how regulated entities document, monitor, and report their transactions.

In this context, it is advisable to begin reviewing internal policies, records, identification procedures, risk matrices, protocols for responding to requests, and document retention schedules, keeping in mind that certain obligations will continue to depend on general regulations and updates to official forms.