Recommendation 26 · Group F · Powers of Competent Authorities

Former: R.23

Regulation of financial institutions

Recommendation 26 requires every country to subject financial institutions to adequate regulation and supervision for AML/CFT — and to implement the Core Principles of the Basel Committee, IOSCO and IAIS where they are relevant. Supervisors must apply a risk-based approach, prevent criminals from holding significant or controlling stakes (including via beneficial ownership), and apply effective sanctions for non-compliance.

Who must comply?

  • Banking supervisors (CNBV, OCC, FCA, BaFin, etc.)
  • Securities supervisors (IOSCO members)
  • Insurance supervisors (IAIS members)
  • Specialised AML supervisors and integrated regulators

Key requirements

  1. Adequate regulation

    All financial institutions must be subject to AML/CFT regulation aligned with the FATF Recommendations and the Core Principles of Basel/IOSCO/IAIS. Coverage must be comprehensive — no significant gaps or carve-outs.

  2. Fit-and-proper test for ownership and management

    Countries must take measures to prevent criminals or their associates from holding (or being beneficial owners of) significant or controlling interests, or holding senior management positions in financial institutions — through licensing review, periodic reassessment and change-of-control approvals.

  3. Risk-based supervision

    Supervision must be calibrated to the risk profile of each institution and sector — frequency, depth and scope of inspections; resources allocated; and intensity of follow-up should match the assessed risk.

  4. Adequate powers

    Supervisors must have adequate powers to perform their functions: access to all records, on-site inspections, request of information, ability to compel production of documents, and authority to impose dissuasive sanctions.

  5. Effective sanctions

    Supervisors must be able to impose a range of effective, proportionate and dissuasive sanctions — including written warnings, fines, restrictions on business, suspensions, removal of officers and revocation of licences.

  6. Cooperation with other supervisors

    Domestically and internationally, supervisors must cooperate with each other and with foreign counterparts — sharing information for AML/CFT, conducting joint inspections, and exchanging supervisory intelligence on group-level risks.

Practical example

Example: CNBV inspection of a SOFOM ENR

Mexico's CNBV inspects a SOFOM ENR using a risk-based approach: the SOFOM's risk profile (cross-border lending, high-net-worth clients) classifies it as elevated risk. The 19-task inspection covers KYC files, transaction monitoring outputs, STR filings, sanctions screening, training records, AML manual coverage, and beneficial-ownership data of the SOFOM's own shareholders. Findings are documented; deficiencies trigger corrective orders, fines (up to 100,000 days of salary) or — in serious cases — revocation of registration.

How Mexico implements it

Country-specific section: Mexican regulatory references (LFPIORPI, CNBV, SAT, UIF).

Mexico structures financial supervision under the CNBV (in coordination with the UIF, SAT and Banxico):

CNBV: financial sector supervisor

The CNBV supervises credit institutions (LIC), SOFOMes ENR (LGOAAC), brokerage firms, investment funds, ITF (Ley Fintech), and insurers (via the CNSF). It applies the DCG and conducts on-site inspections at a risk-based frequency.

CNBV: what it is, functions and entities

CNBV audit: 19 inspection tasks

The CNBV inspection covers 19 structured tasks: identification policy, customer file, identification of the beneficial owner, automated system, monitoring, training, compliance manual, compliance officer, reports, etc.

CNBV audit of a SOFOM ENR

UIF-CNBV Agreement 2026

It formalized coordination between the UIF (intelligence) and the CNBV (supervision), enabling joint inspections, information exchange and unified technological administration of the blocked persons list.

Fines and sanctions

Fines for SOFOMes ENR range from 10,000 to 100,000 days of minimum wage (~$2.78M to $27.88M MXN), in addition to suspension of activities and revocation of registration.

AML (PLD) fines for SOFOM ENR

Milestones

  1. 2003

    Original Recommendation 23 on supervision

  2. 2012

    Renumbered as Recommendation 26 with risk-based focus

  3. 2025

    October 2025 update reinforces beneficial-ownership scrutiny in licensing

Official citation

FATF (2012-2025), International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, Recommendation 26, FATF, Paris, France. Last updated October 2025.

Read the official text on fatf-gafi.org