Publication
Reforms to the Anti-Money Laundering Law 2025: Overview of the Federal Law for the Prevention and Identification of Operations With Illicit Proceeds (the “AML Law”)
By Alonso Sandoval, Alvaro Fox, Carlos Freaner, and Carlos Sugich
1. Background
The AML Law aims to protect the financial system and the national economy by implementing measures to detect operations involving illicit resources, thereby preventing the financing of criminal activities.
To achieve its objective, the AML Law establishes a catalog of Vulnerable Activities. Individuals or entities performing these activities must submit notices to the Ministry of Finance and Public Credit (SHCP) through the Tax Administration Service’s (SAT) Vulnerable Activities Portal.
Specific Vulnerable Activities Relevant to Real Estate Developers in Mexico
The following activities, as outlined in Article 17 of the AML Law, are subject to reporting:
- Article 17 (V): The habitual or professional provision of construction or real estate development services, or intermediation in the transfer of ownership or establishment of rights over such properties, involving purchase or sale operations on behalf of or for the benefit of clients of those providing such services.
- Article 17 (XIII): The receipt of donations by nonprofit associations and organizations, for an amount equal to or exceeding 1,605 times the daily minimum wage (currently known as “Unidad de Medida y Actualización” or UMA) in Mexico City.
General Obligations for Entities Conducting Vulnerable Activities
Entities engaged in Vulnerable Activities must comply with the following obligations:
- Registration on the SAT’s Vulnerable Activities Portal
- Register through the “Anti-Money Laundering” platform.
- Obtain a digital certificate.
- Appoint a compliance officer (otherwise, this responsibility falls on the company’s management).
- Client and Ultimate Beneficiary Identification
- Request and retain official identification documents.
- Clients must specify whether they act on their own behalf or for third parties.
- For operations with legal entities, identify the corporate structure and ultimate beneficiaries (actual owners).
- Creation of a Single File, Which Must Include:
- Purchase and sale contract.
- Copy of identification.
- Proof of address.
- Information about the financial transaction.
- Documents proving the lawful origin of the funds.
- Submission of Monthly Notices to the SAT
- Notices must be submitted by the 17th of the following month.
- Notices are required even if no operations occurred (zero notices).
- Information includes transaction amount, payment method, client details, property information, etc.
- Retention of Information for Five Years (10 Years Starting in 2025)
- Maintain physical and digital records with restricted access.
- Use secure, backed-up electronic systems.
- Training and Internal Policies
- Companies must train staff on anti-money laundering (AML) matters.
- Establish a compliance manual and designate a compliance officer.
2. 2025 AML Law Reform (Effective July 17, 2025)
On July 16, 2025, a reform to the AML Law was published, introducing a risk-based compliance framework, expanding the scope of obligated entities, and strengthening supervision and sanction mechanisms.
Expansion of Vulnerable Activities in the Real Estate Sector
A. Expansion of Construction-Related Vulnerable Activity
The reform to Article 17, Section V, broadens the scope to include not only service providers but also those directly carrying out real estate construction or development activities. This means that entities directly executing projects for their own account are now subject to the regime.
B. Inclusion of Real Estate Development as a Vulnerable Activity
A definition of “Real Estate Development” was added, described as “a project for the construction of properties or land subdivision intended for sale or lease.”
A new Section V was added to Article 17, designating as a reportable activity the receipt of funds for real estate development projects intended for sale or lease. This includes pre-sale operations and any financing modalities exceeding the threshold of 8,025 UMAs (approximately MXN $907,948.50 in 2025, or roughly USD $47,500).
C. Donations for Nonprofit Associations and Organizations
Donations received by nonprofit associations and organizations, equal to or exceeding 1,605 times the daily UMA value, must be reported. Notices are required when donations reach or exceed 3,210 times the daily UMA value (approximately MXN $363,179.40 in 2025, or roughly USD $19,350).
D. Obligations Related to Controlling Beneficiaries
Real estate developers operating through corporate structures must identify and report controlling beneficiaries based on a new 25 percent ownership threshold in the capital stock. Additionally, commercial entities must identify and register their controlling beneficiaries with the Ministry of Economy, particularly for share or equity transfers. Failure to update this registry may result in significant sanctions.
E. New Operational Obligations for Developers
As they are now included in the Vulnerable Activities regime, real estate developers must comply with all obligations under Article 18 of the AML Law, including:
- Submitting notices and reports to the authorities.
- Developing an Internal Policy Manual defining compliance criteria and procedures.
- Implementing automated systems for continuous monitoring of client transactions.
Strengthening General Obligations for Entities Conducting Vulnerable Activities
- Mandatory Automated Systems. Entities must implement automated systems for continuous transaction monitoring to detect deviations from clients’ usual transactional behavior. Periodic risk assessments based on a Risk-Based Approach (RBA) are also required.
- Enhanced Client Identification. Entities must directly identify and know their clients or users using valid official documents. For legal entities or trusts, identifying the Controlling Beneficiary is mandatory.
- Expanded Reporting of Suspicious Transactions. Entities must report not only completed transactions but also attempted transactions, even if not finalized. Reports must be submitted within 24 hours of detection.
- Extended Document Retention Period. The document retention period is extended from five to 10 years.
- Appointment of a Compliance Representative. Entities must designate a compliance representative responsible for ensuring compliance with the SHCP.
- Strengthened Obligations for Public Notaries and Trustees. New obligations are imposed on notaries and public brokers to submit notices for acts involving real estate transfers, trust creation or modification, establishment of real rights, and appraisals, among others.
- Enhanced Supervision, Coordination, and Sanctions. The SHCP and other federal authorities (e.g., National Banking and Securities Commission, Financial Intelligence Unit, National Guard, and Attorney General’s Office) receive expanded powers for verification, imposing precautionary measures, and issuing general rules. Specialized state-level units will be created to enhance patrimonial information analysis. Penalties for non-compliance are increased to up to 65,000 UMAs (approximately MXN $7,354,100, or roughly USD $392,000) or 100 percent of the value of the involved act, with the possibility of suspending operations for unresolved irregularities.
Steps To Consider for Ensuring Compliance With the New Regulations
A. Review and Update Compliance Programs
- Conduct a comprehensive audit of current AML compliance systems.
- Update the Internal Policy Manual to incorporate new compliance criteria and procedures per Article 18, tailored to the risk profile of clients, transactions, or activities.
B. Implement Automated Monitoring Systems
- Adopt systems for continuous transaction monitoring to detect deviations from typical client behavior.
- Ensure traceability to comply with the 10-year document retention period.
- Validate data quality to ensure accuracy, legibility, and completeness of submissions to avoid penalties.
C. Strengthen Client and Ultimate Beneficiary Identification Processes
- Update Know Your Customer (KYC) procedures to include client identification, even without a formal contractual relationship.
- Implement procedures to identify ultimate beneficiaries based on the new 25 percent ownership threshold, especially for real estate projects with special purpose vehicles (SPVs) or complex corporate structures.
- Obtain formal declarations from individuals or trusts regarding the existence or absence of ultimate beneficiaries, backed by appropriate documentation.
D. Comply With New Obligations for Vulnerable Activities
- For real estate developers, include pre-sale and financing operations exceeding 8,025 UMAs (approximately MXN $907,948.50 in 2025, or roughly USD $47,500) in reporting obligations.
- Ensure construction and development activities comply with the expanded scope, including direct project execution.
- Implement reporting of ultimate beneficiaries in real estate projects structured through corporate entities.
- Ensure timely submission of notices and reports to the SHCP, including suspicious transactions (completed or attempted) within 24 hours of detection.
E. Strengthen Compliance Infrastructure
- Designate a Compliance Representative with operational independence and AML/CFT expertise, as required by the reform.
- Allocate resources for infrastructure to support new documentary and operational obligations, particularly for real estate, construction, and nonprofit organizations.
- Conduct regular risk assessments using the RBA to adjust compliance measures based on exposure levels.
F. Enhance Training Programs
- Ensure the Compliance Representative receives annual training on AML Law obligations per SHCP general rules.
- Enroll in the Financial Intelligence Unit (UIF) and SAT training and guidance program within the first six months of the reform (by January 16, 2026) for nonprofits and businesses.
- Develop or strengthen internal training programs on ultimate beneficiary identification, Politically Exposed Person (PEP) management, KYC processes, risk matrix development, automated monitoring, and reporting compliance.
G. Leverage Voluntary Regularization
- Conduct a preventive review of files and processes to identify and correct irregularities under the new recurrent voluntary regularization framework.
- Benefit from penalty reductions for first-time spontaneous corrections and up to 50 percent reductions for subsequent corrections before verification proceedings.
- Engage AML/CFT specialists to review compliance systems and ensure timely corrections to minimize sanction risks.
H. Prepare for Verification Visits
- Assess risk levels (low, medium, or high) to determine if internal reviews or external audits are needed.
- Align compliance programs with the reform’s proportionality principle based on the entity’s size, complexity, and risk profile.
- Prepare legal and compliance teams to respond promptly and accurately to SHCP information requests under the inter-institutional collaboration framework.
About Snell & Wilmer
Founded in 1938, Snell & Wilmer is a full-service business law firm with more than 500 attorneys practicing in 17 locations throughout the United States and in Mexico, including Los Angeles, Orange County, Palo Alto and San Diego, California; Phoenix and Tucson, Arizona; Denver, Colorado; Washington, D.C.; Boise, Idaho; Las Vegas and Reno-Tahoe, Nevada; Albuquerque, New Mexico; Portland, Oregon; Dallas, Texas; Salt Lake City, Utah; Seattle, Washington; and Los Cabos, Mexico. The firm represents clients ranging from large, publicly traded corporations to small businesses, individuals and entrepreneurs. For more information, visit swlaw.com.
