On July 16, 2025, the “Decree amending and adding various provisions of the Federal Law for the Prevention and Identification of Transactions with Illicit Funds, and amending Article 400 Bis of the Federal Criminal Code” (the “Decree”), was published in the Official Journal of the Federation.

The Decree introduced several amendments to the Federal Law for the Prevention and Identification of Transactions with Illicit Funds (the “Law”), the most relevant of which are outlined below:

1. With regard to the definition of controlling beneficiary, it is now understood that a person or group of persons is now deemed to have effective control over a legal entity if they hold rights which allow them, directly or indirectly, to vote more than 25% of the share capital, whereas the previous threshold was over 50%.

• The receipt of funds intended for real estate development aimed at property sales or leases is now classified as a vulnerable activity. The term “real estate development” was defined as any project for the construction of buildings or subdivision of land intended for sale or lease.

•  Entities engaged in vulnerable activities are now required to safeguard, protect, and prevent the destruction of operational records, related correspondence, and pre-transaction analyses to enable the reconstruction of each transaction, if necessary.

• Originally, the obligation to keep and not destroy information was for a period of five years; however, it is now 10 years. Additionally, if a legal proceeding or appeal is filed, such 10 year period will be suspended with respect to the pertinent information and will restart only after a final resolution has been issued.

• Those conducting vulnerable activities are now required to register with the Registry of Persons Engaged in Vulnerable Activities.

• Submitting reports to the Department of Finance and Public Credit (the “Department”) will now be mandatory in cases where there is suspicion or information based on facts or indications that funds related to certain acts or transactions may originate from, or be intended for, the commission of money laundering offenses. Such reports must be filed within 24 hours of the reporting party becoming aware of the relevant information.

• Entities must now implement and adhere to internal manuals setting out policies, criteria, and procedures for compliance with the Law. They must also implement annual training programs for management, the board of directors, and personnel who interact directly with clients or users.

• Likewise, parties subject to the Law must deploy automated systems to monitor transactions on an ongoing basis. These systems should help detect when transactions, accumulated over a six-month period, exceed the thresholds set for each vulnerable activity, and involve politically exposed persons or high-risk individuals.

• The Law requires legal entities to undergo an annual compliance evaluation conducted by internal audit teams or external auditors, depending on the type and level of vulnerability of the activity, to assess the effectiveness of their compliance measures.

1. Lawmakers included a new chapter on controlling beneficiaries  requiring legal entities to respond to requests from competent authorities to identify their controlling beneficiaries. Failure to comply may result in sanctions.

1. On the other hand, the Department was granted new authority to order the temporary suspension of transactions or business relationships with specific clients or users by entities engaged in vulnerable activities.

1. Finally, another relevant change is that submitting reports or documents containing illegible information that prevents proper understanding of their contents is now considered a criminal offense.

While the Decree became effective the day after its publication, several of the new obligations will take effect later, once general rules have been issued pursuant to the Law.

Given the above and what is contained in the Decree, we anticipate that amendments to the Law’s regulations and the issuance of general rules will follow shortly, which should provide further clarity and detail regarding the changes summarized herein.

Please contact us if you have any questions regarding the Decree or any other matter related to vulnerable activities.