Insights from the FinTech Mexico Festival 2026: What’s next for the financial industry

Representing our firm, Adrián Ramírez, Audit Partner; Monserrath Aldana, Audit Senior Manager; and César González, Consulting Director, actively participated in the various conferences and panels, gathering the most relevant insights for executive committees and strategy teams for the 2026–2027 period.

At the FinTech Mexico Festival 2026, the message for the C‑Suite was clear: the era of “growth at all costs” is drawing to a close. The new currency of value in the ecosystem is not disruptive innovation on its own, but demonstrable trust across every layer of the business — from operations to regulation.

Our team attended to understand where the challenges and opportunities lie that will shape the agenda for executive committees in 2026–2027. This is what was discussed — and, more importantly, what it means. 

1) The end of “trial and error”: regulation as a competitive advantage

The message from the regulator — the National Banking and Securities Commission (CNBV) — was consistent: the fintech “big bang” is giving way to a phase of maturity. It is no longer only about the number of participants, but about prudential soundness and user protection. The conversation around a potential “Fintech Law 2.0” should not be seen as a threat, but rather as an opportunity to raise industry standards.

Implication for the C‑Level

Companies that view regulation as an enabler for disciplined scaling will be the ones to attract investment and strategic partnerships. The question is no longer “How do we avoid regulation?” but “How do we build a control framework that enables us to grow without surprises?”

 2) Payments and SPEI: infrastructure is only the starting point

The Bank of Mexico (Banxico) reinforced the scale of progress: with more than six billion SPEI operations in 2025, the rails are ready. The challenge lies in the upper layer: true interoperability, resilient 24/7 operations, and traceability that enables more automated reconciliations and more timely evidence.

Implication for the C‑Level

The ability to integrate into this infrastructure and offer simple yet controllable and auditable experiences will define operational efficiency and competitiveness against larger players.

3) Finternet and stablecoins: trust is a balance

Agustín Carstens put it clearly: innovation must be maximised with prudence. In stablecoins and tokenisation, marketing does not build trust — equivalence, liquidity, governance and supervision do.

Implication for the C‑Level

If the model relies on new financial vehicles, operational, legal and control certainty is not a separate “front”. It is a core part of the value proposition. Without it, mass adoption does not occur.

4) The elephant in the room: cash and default

One of the most revealing discussions focused on what is not “sexy”: cash continues to dominate a large part of transactional activity, and default risk cannot be corrected with partial metrics. Users’ financial health is no longer a peripheral issue — it is becoming a determinant of sustainable profitability.

Implication for the C‑Level

Digital experience must be accompanied by clarity and transparency. A customer who understands the product tends to pay better. This is where resilience and long‑term value are built.

5) Cybersecurity and Artificial Intelligence (AI)

Across nearly all forums, the advantages and opportunities that AI represents for this sector were highlighted — as well as the inherent risks. Understanding both sides is crucial for fintechs:

• on one hand, AI is a powerful ally for protecting critical assets and vulnerable users;
• on the other, it is an emerging technology that has expanded the attack surface in an increasingly digital environment.

As revealing data points, the Fintech Mexico Association shared findings from the study “AI in MSMEs: Trends, Challenges and Opportunities”, conducted by Microsoft, showing that 24% of these organisations experienced an incident or threat linked to AI use — a rise of four percentage points compared with the previous period. Similarly, 57% of MSMEs in Latin America reported an increase in cyberattacks, with phishing being the most common, according to Kaspersky.

Implication for the C‑Level

Fintechs have been among the most frequent targets for cybercriminals, placing cybersecurity as a strategic axis for containing digital fraud. These institutions must strengthen their programmes by implementing beta‑environment testing, robust identification and authentication systems, data encryption, monitoring and blocking of suspicious transactions, perimeter security, adoption of standards such as ISO 27001, NIST and PCI DSS, among others, as well as responsible data governance that limits the storage of sensitive information.

At the same time, AI adoption must be accompanied by clear governance frameworks, ethics and regulatory compliance. Otherwise, it may become a risk vector, leading to possible sensitive information leaks, bias in automated decision‑making or technological dependencies that are difficult to audit.

The question the Committee should answer

Upon leaving the festival, the reflection is straightforward:

Is your control architecture (audit, cyber risk, compliance) at the same level of ambition as your product roadmap?

If your agenda for the next 12 months includes:

• Scaling with regulatory soundness
• Integrating into payment rails without losing traceability
• Managing credit risk with a focus on customer financial health
• Building trust in new products (tokenisation, digital payments)
• Integrating a robust cybersecurity strategy, including emerging technologies such as the responsible use of AI

…then it is worth exchanging perspectives and best practices on how to translate these challenges into a control and growth strategy that generates real trust. Because the future will not belong only to the fastest — it will belong to the strongest.

_{From left to right: Monserrath Aldana, Audit Sr. Manager; César González, Consulting Director; and Adrián Ramírez, Audit Partner.}