On November 27, 2025, the Mexican government published the operational guidelines for the Plataforma Única de Identidad (PUI) — the Unified Identity Platform — in the Official Gazette of the Federation. From that moment, a countdown began for every financial institution operating in the country.

The integration deadline for the financial sector was March 31, 2026.

If your institution hasn’t connected yet, there’s good news: you don’t have to build the infrastructure from scratch. Dynamicore already has the PUI connection available via API for every institution on its platform.

What is the PUI?

The PUI is a federal government technology system, operated by RENAPO (Mexico’s National Population Registry) and the Digital Transformation and Telecommunications Agency (ATDT). Its purpose: locate missing and disappeared persons by cross-referencing data against records held by both public and private institutions.

Its legal basis: Article 12 Bis of the General Law on Enforced Disappearance of Persons, with the Technical Manual published in the Official Gazette on January 23, 2026.

The detail that changes how you understand this obligation

Most institutions assume the PUI works like a query system: “my system asks the government whether a person is reported missing.” That assumption is wrong.

The model works in reverse:

The government queries your system — asking whether you hold records for a missing person. Your infrastructure must be available 24/7 to receive those queries, process them, and respond in real time.

This isn’t a service you subscribe to. It’s infrastructure that must be permanently active — and that Dynamicore has already built.

In practice, the flow works like this:

1. Mexico’s National Search Commission (CNB) registers a missing person with a unique ID in the national registry (RNPDNO)
2. The PUI notifies all connected institutions via a call to the /activar-reporte endpoint
3. Your system searches for that person’s CURP (national ID) in your database
4. If a match is found, your system responds with available data via /notificar-coincidencia
5. When the person is located, the PUI sends /desactivar-reporte and monitoring ends

Fully automated. No manual intervention. No option to ignore a notification.

Who is required to connect?

Mexico’s banking regulator (CNBV) has confirmed that every entity in the Mexican financial system must connect to the PUI. This includes:

There are no exceptions based on institution size, portfolio volume, or years of operation.

The PUI extends beyond finance — hospitals, universities, airlines, telecom operators, and hotels are also required to connect. But the financial sector had the earliest deadline and faces direct CNBV oversight.

To put the scale in perspective: Mexico currently has more than 100,000 people registered as missing. Every one of them is a potential report your system must be able to process.

What are the penalties for non-compliance?

Fines are established under Article 43 Bis of the Law and are calculated in Units of Measurement and Update (UMA):

• Minimum: 10,000 UMA = ~$57,500 USD per violation
• Maximum: 20,000 UMA = ~$115,000 USD per violation

Violations are cumulative. This isn’t a one-time fine — it applies to each infraction: failing to connect, failing to keep data current, denying government access when required.

Beyond the financial penalty, the reputational risk is significant. The PUI has a direct humanitarian purpose: it helps find missing people. An institution that fails to comply isn’t just facing a fine — it’s facing a public narrative that’s very difficult to defend.

Still not connected to the PUI? DynamiCore already has the API integration ready. Your institution can comply without building infrastructure from scratch.

What data does your institution exchange with the PUI?

What the government sends to your system

When the PUI activates a search report, your system receives:

• CURP (national ID — required)
• Full name
• Date of birth and date of disappearance
• Place of birth (required)
• Sex assigned at birth

What your institution must respond if a match is found

DynamiCore handles this data exchange automatically — your team doesn’t need to manually intervene in each query.

How does it work technically?

PUI integration requires backend infrastructure with precise technical specifications defined in RENAPO’s Technical Manual. Dynamicore already meets all of these requirements, meaning institutions on our platform don’t need to build them separately.

Endpoints your system must expose (consumed by the government)

1. /login — JWT authentication
2. /activar-reporte — Receives new missing person reports
3. /activar-reporte-prueba — Endpoint for pre-production technical validation
4. /desactivar-reporte — Receives notification when a person is located

PUI endpoints your system consumes

1. /login — Authentication with the PUI
2. /notificar-coincidencia — Sends data found in your database
3. /busqueda-finalizada — Notifies that historical search is complete
4. /reportes — Retrieves active reports assigned to your institution

Technical specifications Dynamicore already meets

• Protocol: HTTPS with TLS 1.2 or higher
• Authentication: JWT with 1-hour validity and automatic token renewal
• Format: JSON encoded in UTF-8
• Biometric encryption: AES-256-GCM for photos and fingerprints
• Availability: 24/7, internet-accessible at all times
• Security audits: SAST, DAST, and SCA reports with zero critical, high, medium, or low vulnerabilities

The three phases of the search process

Once an active report is received, the system runs three mandatory phases automatically:

Phase 3 is the most operationally demanding: continuous monitoring runs at configurable intervals of 1, 4, 12, or 24 hours and only stops when the PUI issues a /desactivar-reporte. Dynamicore handles this monitoring cycle in the background — your operations team doesn’t need to manage it.

What the PUI is NOT

Three common misconceptions worth clarifying:

• It doesn’t replace KYC or onboarding. The PUI doesn’t verify identities or confirm that a client is who they say they are. That remains the responsibility of your onboarding process and AML checks — which in Dynamicore are also integrated.
• It’s not an identity gateway like biometric verification or national ID validation services.
• It’s free on the government side. Connecting to the PUI carries no government fee. The cost lies in developing, implementing, and maintaining the required technical infrastructure — which Dynamicore has already absorbed for its clients.

How DynamiCore solves PUI integration

The biggest obstacle financial institutions face isn’t the willingness to comply — it’s the technology they’re running on.

Building PUI integration from scratch requires:

• API architecture with secure endpoints available 24/7
• AES-256-GCM encryption and JWT authentication with automatic renewal
• Historical search capability across databases up to 12 years back
• SAST, DAST, and SCA audits before RENAPO registration
• Ongoing maintenance of the Phase 3 monitoring system

Institutions running legacy systems — banking software without API architecture — can spend months building this, if their existing infrastructure can support it at all.

DynamiCore already has all of this built.

Institutions on our platform connect to the PUI without parallel development projects, without hiring additional technical teams, and without waiting months to go live. The integration is part of the core banking platform — not an external module that needs to be synchronized.

The PUI won’t be the last compliance requirement to arrive. The UIF-CNBV agreement signed in March 2026 confirms that Mexican regulation is moving toward real-time supervision. Institutions running on API-first platforms like Dynamicore are ready for each new requirement from day one.

PUI, AML, and KYC: three processes in a single system

One of the most common inefficiencies in financial institutions is running these three processes on separate systems:

• KYC / Onboarding 
• AML / Watchlist screening 
• PUI

Each separate system means more failure points, higher maintenance costs, and greater regulatory risk.

In DynamiCore, onboarding, PUI verification, AML screening, and CNBV regulatory reporting all happen within the same operational flow — automated, without manual intervention at each step.

DynamiCore already has the PUI connection ready to integrate in less than 24 hours.

Your institution can comply with PUI, AML, and CNBV regulations without parallel development projects. Get in touch here and learn more.

Follow us on Instagram, Facebook, and LinkedIn for more content and stay up to date on how to transform your business with financial technology!