What is a fintech? A 2026 Plain-English Guide for Mexico

If you work in financial services, run a company, are building a startup, or are simply a citizen who hears the word fintech every day, this guide is written for you. Mexico is one of the most dynamic fintech markets in Latin America, with hundreds of companies operating under the Fintech Law and an increasingly sophisticated regulatory framework. But the word "fintech" is used for so many different things that most people don't actually have a clear definition.

Here we explain—without unnecessary jargon and with concrete examples from the Mexican market—what a fintech is, what types exist, what the Fintech Law (LRITF) actually says, how fintechs differ from banks and SOFOMs, and which fraud risks every user and operator should know.

What is a fintech? A clear definition

The term fintech is a contraction of the words financial and technology. It refers to any company, business model, or product that uses technology to deliver, improve, or automate financial services. The definition seems simple, but it has three important nuances:

1. It's not just "a bank with an app". A fintech can be a payments company, a lending platform, a card aggregator, a digital wallet, an insurance comparator, an automated investment platform, an open-banking infrastructure provider, or a digital identity vendor for other banks. Technology is the means; the financial service is the end.

2. Regulation depends on what it does, not on what it's called. In Mexico, a company can offer "fintech" products without being formally regulated by the CNBV (e.g., a card comparator) or be regulated under several different licenses: Financial Technology Institution (ITF), Electronic Payment Funds Institution (IFPE), Crowdfunding Institution (IFC), SOFOM, SOFIPO, or even a full bank. What defines regulation is not the branding but the financial service being provided.

3. The line with traditional banking is increasingly blurred. Traditional banks like BBVA, Banamex or Banorte run modern technology stacks and open APIs. Companies that were born as fintechs (Nu, Klar, Stori) now offer credit cards and deposit products. The useful distinction is no longer "fintech vs bank", but rather who solves a specific financial problem better.

A fintech is not defined by its logo or marketing, but by the (regulated or unregulated) financial service it delivers through technology. Understanding which legal figure it operates under is key to evaluating real risks, costs and advantages.

Types of fintech: 8 categories with examples in Mexico

Not all fintechs do the same thing. The global industry is usually split into these categories, all of which are present in the Mexican market:

Payments and transfers. Processors, digital wallets, aggregators, and payment-acceptance solutions. Examples: Mercado Pago, Clip, Stripe Mexico, OpenPay, Conekta, Spin by Oxxo. Many operate as IFPEs under the Fintech Law.
Digital lending. Platforms that originate, evaluate, and disburse credit using data models. Examples: Konfio, Credijusto, Aperíate, Kueski. Most operate as SOFOM ENR.
Neobanks / digital banking. Companies offering 100% digital accounts, cards and savings products. Examples: Nu, Klar, Stori, Hey Banco. They may operate as full banks or partner with one.
Investment and wealth management. Automated investing platforms, digital brokers, robo-advisors and trading. Examples: GBM+, Bursanet, Flink, Kuspit.
Crowdfunding. Platforms that connect investors with projects or companies. Examples: Yotepresto, Briq.mx, Play Business. Operate as Crowdfunding Institutions (IFC).
Insurtech. Digital insurers and comparators. Examples: Crabi, Sofía, Coru, Rastreator.
Banking-as-a-Service (BaaS) and infrastructure. Companies selling the financial "plumbing" to other companies so they can launch products without building the stack from scratch. Examples: Pomelo, Peibo, Trafalgar, Toka. This category is exploding: 80% of "new" fintechs actually run on BaaS.
Compliance and RegTech. Digital KYC, AML monitoring, beneficial-ownership identification, and sanctions screening. This is where Innova Black operates with its DTX Compliance Engine™.

Each category implies completely different business models, regulatory requirements, and risk profiles. Confusing them is one of the most common mistakes in boards and executive committees.

The Fintech Law: what it regulates and to whom it applies

Mexico's Law to Regulate Financial Technology Institutions (LRITF), known as the Fintech Law, was enacted on March 9, 2018. It was the first comprehensive fintech law in Latin America and, at the time, one of the most advanced globally. Its stated objective is to foster financial inclusion and innovation while protecting consumers and preventing money laundering.

The Fintech Law formally regulates two figures:

IFPE — Electronic Payment Funds Institution. Companies authorized to issue, manage, and transfer electronic payment funds: digitally stored money the user can spend, transfer, or withdraw. Many wallets and processors operate under this figure.
IFC — Crowdfunding Institution. Platforms that connect, through software applications, people seeking financing with people willing to provide it. This is the legal vehicle for regulated crowdfunding.

In addition, the Fintech Law introduced cross-cutting concepts that affect the entire financial system: open banking (standardized data sharing between institutions), virtual assets (cryptocurrencies and similar), novel models (regulatory sandbox for innovations not yet covered in the law), and reinforced KYC, AML, and cybersecurity obligations.

Principles in the Fintech Law — the most important ones for executives:

Financial inclusion and innovation. Lowering barriers so more Mexicans can access formal financial services.
Consumer protection. Transparency in pricing, fees and terms; complaint mechanisms; data portability.
Financial-stability preservation. Minimum capital, risk controls, segregation of customer funds from the ITF's own assets.
Promotion of fair competition. Mandatory open banking, technology neutrality.
Prevention of illicit operations. Reinforced KYC, transactional monitoring, reporting to the UIF (same as any regulated financial institution).

If your company offers, is about to offer, or is evaluating offering a service that touches payments, customer funds, digital lending, or crowdfunding, the first decision is which figure it should operate under. It is the most expensive and hardest-to-reverse decision you will make.

DTX Compliance Engine™

Operating or planning to operate as ITF, SOFOM or IFPE?

DTX Audit™ is a free 45-minute diagnostic in which we define which legal figure fits your business model, which KYC/AML obligations apply, and which technology gaps you must close before going live.

Request a free DTX Audit™

Fintech vs bank vs SOFOM: how they differ

One of the most common confusions is to assume that "fintech" and "bank" are different things. Reality is more nuanced: what changes is the regulatory figure and, with it, the obligations, costs, and products that can be offered.

Bank. The broadest and most demanding figure. It can take public deposits, lend, intermediate securities, offer savings accounts, and operate the SPEI nodal. Minimum capital: hundreds of millions of pesos. Supervision: CNBV + Banxico + CONDUSEF. Authorization timeline: 18–36 months.

SOFOM (Multiple-Object Financial Society). Can extend credit without taking deposits. Two flavors: SOFOM ER (regulated, supervised by CNBV) and SOFOM ENR (not regulated by CNBV, supervised by CONDUSEF and by CNBV only on AML matters). Most fintech lenders in Mexico operate as SOFOM ENR. More detail here.

SOFIPO (Popular Financial Society). Deposits + credit + basic services for popular sectors. Lower minimum capital than a bank; CNBV supervised. A common figure for early-stage neobanks.

IFPE (Electronic Payment Funds Institution). Under the Fintech Law. Can issue and manage electronic money but cannot grant credit or take deposits like a bank. Minimum capital: ~700,000 UDIs.

ITF (Financial Technology Institution). Umbrella term in the Fintech Law that includes IFPEs and IFCs.

The critical question for any founder or executive is not "do I want to be a fintech or a bank?" but rather "what financial service am I going to deliver, and which figure lets me do it with the lowest regulatory cost and highest scalability?"

Financial education and fraud: the other side of fintech

A good fintech guide would not be complete without a section on user risks. The digitization of financial services has reduced friction for legitimate users—and for criminals too. These are the most common fraud schemes that every fintech must prevent and every user should know:

Phishing. Fake emails or websites that imitate your fintech or bank to steal credentials. If you receive an email with a link "to verify your account," check the domain and always log in from the official app.
Smishing. Phishing via SMS. Messages with links to fake sites. Regulated institutions never ask for passwords or OTPs by SMS link.
Vishing. Phone fraud where the criminal poses as bank or fintech personnel, claiming a suspicious charge or movement that requires immediate verification. Hang up and call the official number yourself.
Pharming. Manipulation of DNS or the user's device to redirect traffic to fake sites even when you type the correct URL. Keeping your OS and browser updated is the first line of defense.
SIM swapping. The criminal clones or transfers your number to another SIM and intercepts SMS-based OTPs. Use an authenticator app (not SMS) whenever your fintech allows it.
Advance-fee and romance scams. Social-engineering schemes. If they ask you to send money up front to "unlock" an inheritance, prize, or relationship, it's fraud.

Regulated fintechs are required to operate fraud-monitoring programs, reinforced authentication, and complaint channels. CONDUSEF is the authority you can turn to if a financial institution fails its obligations. For companies, having a modern compliance stack is not optional: it is the only way to protect users and avoid sanctions.

Next steps: how to go deeper

If you made it this far, you already understand fintech better than 90% of the market: what it is, what types exist, how they are regulated in Mexico, and which risks they face. The natural question is: now what?

Depending on your role, we recommend different paths:

Evaluating launching a fintech: start by defining your model and regulatory figure. How to incorporate a SOFOM is required reading.
Operating an existing fintech: make sure your KYC/AML is auditable. Read the KYC/AML guide for SOFOMs and run a DTX Audit™.
Worried about the 2026 FATF evaluation: review your regulatory framework and plan remediation. Supervisory pressure is going to intensify.
Just want to understand the sector better: follow our blog. We publish weekly on regulation, technology and real cases from the Mexican market.

The Mexican fintech sector is entering a consolidation phase. Fintech Law 2.0 will bring new requirements. The FATF evaluation will pressure the system. The companies that deeply understand the category they operate in—and build auditable technology infrastructure—will be the ones that grow. The ones that don't will be the ones that get fined.