Banking Regulation 2022

Last Updated October 26, 2021


Law and Practice


Cascione, Pulino e Boulos Advogados is a full-service law firm dedicated to providing the highest quality legal services to domestic and foreign clients operating in all major sectors of the Brazilian economy and is recognized as one of the best business law firms in Brazil in several practice areas. The firm's banking and finance department is best known for its strong technical knowledge, personalised service, multidisciplinary analysis and direct involvement of partners. Cascione, Pulino e Boulos Advogados' strong background in banking and finance has placed the firm in a privileged position to provide legal advice to financial and payment institutions.

In Brazil, the main laws governing the banking sector are the following, as amended:

  • Law No 4,595/64 (the “Brazilian Banking Law”), which creates the National Financial System (SFN) and, thus, the basis of the regulatory framework of the banking sector, including the definition and activities of financial institutions and the regulatory powers granted to the Brazilian National Monetary Council (CMN) and the Central Bank of Brazil (BCB) in the SFN;
  • Law No 4,728/65 (the “Brazilian Capital Market Law”), which governs the financial and capital markets in Brazil, including specific regulation applicable to broker-dealers, and the respective regulatory powers granted to CMN and BCB in its regulation and supervision; and
  • Law No 4,131/62, which sets forth the general foreign exchange and foreign investments legal framework in Brazil.

In addition, there are other laws applicable to the banking sector, among which we highlight the following:

  • Complementary Law No 105/01, dealing with bank secrecy;
  • Law No 9,613/98, imposing obligations related to the prevention of money-laundering and terrorism financing (AML/CTF); and
  • Law No 13,810/19, mandating compliance with sanctions imposed by resolutions of United Nations Security Council (UNSC).

Under the terms of the Brazilian Banking Law, financial institutions are “public or private legal entities whose main or ancillary activity is the collection, intermediation or application of their own or third-party funds, in local or foreign currency, and the custody of third-party funds”.

In this context, the Brazilian Banking Law and the Brazilian Capital Market Law granted powers to CMN and BCB to act as the main regulators in charge of the banking sector, provided that CMN undertakes a general regulatory role, while BCB is in charge of regulating specific aspects and supervising compliance with the regulation.

Considering the above, CMN and BCB have enacted a comprehensive and extensive regulation of the financial sector during the past decades. Amongst such regulation, the following should be highlighted:

  • Resolution CMN No 4,122/12 (which will be revoked and superseded by Resolution CMN No 4,970/21 on 1 July 2022) and Circular BCB No 3,649/13, that govern the incorporation and authorisation proceeding of financial institutions, appointment of officers, main corporate events and cancellation of authorisation to operate;
  • Resolution CMN No 4,553/17, that sets forth the segmentation of financial institutions for purposes of applying the prudential regulation in a proportional manner; and
  • Circular BCB No 3,978/20, which regulates the AML/CTF obligations, set forth by Law No 9,613/98 and Law No 13,260/16.

Furthermore, CMN and BCB have enacted extensive regulation regarding other matters, including regulation on internal controls, ombudsman, cybersecurity, internal and independent audits, risk management, frauds prevention, customer service support and accounting.

Authorisation Requirements

According to Brazilian Banking Law, financial institutions are subject to prior authorisation from BCB in order to be able to operate. This authorisation involves specific procedures and compliance with certain requirements depending on the type of activity to be performed.

It should be noted that performance of activities that are the sole domain of financial institutions without the prior authorisation by BCB is a crime under Law No 7,492/86.

Types of Licence

In general terms, entities that wish to provide financial services may apply for the following types of licence:

  • Commercial Banks ‒ institutions which objective is to raise funds to provide a timely and adequate supply of funding needed to finance, in the short and medium term, commerce, industry, service providers, individuals and third parties in general. These institutions may receive bank demand or time deposits.
  • Investment Banks ‒ institutions which objective is to raise funds for investment purposes, temporary acquisition of equity in companies, asset management or medium and long-term financing operations, for the supply of companies’ working or fixed capital.
  • Development Banks ‒ institutions that aim to raise funds to provide the timely and adequate supply of funding necessary for the medium and long-term financing of programs and projects that aim to promote economic and social development of the respective State where they are based, with the responsibility of supporting the private sector.
  • Foreign Exchange Banks ‒ financial institutions specialised in carrying out foreign exchange transactions, transfers of funds to and from abroad, import and export financing, advances on foreign exchange contracts and other operations, including the provision of services, as determined by the foreign exchange regulation.
  • Multiple Banks ‒ financial institutions that operate multiple portfolios, performing, at least, two of the following activities, one of them being mandatorily commercial or investment portfolio:
    1. commercial bank;
    2. investment and/or development bank;
    3. real state credit entity;
    4. credit, financing and investment entity; and
    5. commercial leasing.

Additionally, there are certain types of non-banking financial institutions in Brazil, such as credit, financing and investment companies, real estate credit companies and mortgage companies, credit unions, micro entrepreneur and small business credit companies, direct credit society (SCD) and peer-to-peer lending company (SEP).

Any Restrictions on Licensed Banks’ Activities

As a general note, the activities performed by financial institutions are subject to extensive regulation and, thus, are subject to a series of restrictions regarding their operational procedures and business.

In this context, Law No 13,506/17 provides certain restrictions on licensed banks’ activities, highlighting the following:

  • trade securities, financial instruments and other assets, or carry out credit or leasing transactions, at prices that do not match market prices, causing losses for itself or for third-parties;
  • distribute dividends, pay interest on equity or, in any other way, remunerate shareholders, managers or members of statutory bodies based on results obtained from false or incorrect accounting or financial statements;
  • issue debentures and founders' shares; and
  • acquire real estate not intended for its own use, except for those received in settlement of loans with difficult or doubtful solutions or when expressly authorised by BCB, in compliance with the regulation issued by CMN.

Statutory or Other Conditions for Authorisation

In addition to the unblemished reputation requirement, Resolution CMN No 4,122/12 (which will be revoked and superseded by Resolution CMN No 4,970/21 on 1 July 2022) and Circular BCB No 3,649/13 also require the provision of the following documents and information:

  • feasibility of the project, demonstrated through a business plan that comprises:
    1. marketing plan: describes the purpose of the enterprise and its niche market, including the target audience and main products and services;
    2. operational plan: describes how the institution will operate, including its corporate and organisational charts, corporate governance and infrastructure; and
    3. financial plan: demonstrates the economic and financial feasibility of the project;
  • controllers' economic-financial capacity: evaluated based on the information contained in the business plan, especially the capitalisation needs of the institution;
  • lawful origin of funds used in the project; and
  • technical knowledge and experience of controllers and managers in the intended business field.

Process for Applying for Authorisation

As a general rule, BCB has 12 months to authorise a bank to operate. The deadline starts from the date when the application is filed with BCB.

Pursuant to Resolution CMN No 4,122/12 (which will be revoked and superseded by Resolution CMN No 4,970/21 on 1 July 2022) and Circular BCB No 3,649/13, the authorisation process encompasses the following phases:

  • presentation of the project proposal;
  • technical interview;
  • presentation of the business plan and request for an opinion in favour of the incorporation of the institution;
  • submission of the corporate documents required to incorporate the institution;
  • implementation of the organisational structure and request for inspection of said structure;
  • inspection; and
  • amendment of the bylaws or articles of incorporation and election of members of statutory or contractual bodies, if necessary, with submission of corporate acts to BCB.

The acquisition and transfer of equity in banks in Brazil are subject to the following requirements set forth by Resolution CMN No 4,122/12 (which will be revoked and superseded by Resolution CMN No 4,970/21 on 1 July 2022), Circular BCB No 3,649/13 and Resolution BCB No 23/20:

  • Acquisitions and transfers of the corporate control and any change, direct or indirect, in the controlling group that may entail changes in the management of the institution, must be authorised by the BCB.
  • Operations involving direct or indirect acquisition, expansion and assumption of 15% or more of the total corporate capital, but not involving a change of corporate control, require submission to the BCB.
  • As a general rule, it is necessary to inform the BCB regarding any direct or indirect changes in the corporate capital owned by: (i) controlling shareholder or participant of controlling group; (ii) foreign individuals or legal entities; (iii) institutions regulated by the BCB; and (iv) shareholders with 5% or more of the total corporate capital of the institution.

Pursuant to Resolution CMN No 4,122/12 (which will be revoked and superseded by Resolution CMN No 4,970/21 on 1 July 2022), controlling group is defined as the owner(s) of the majority of the voting capital in corporations or the owner(s) of, at least, 75% of the corporate capital in limited liability companies.

Additionally, the regulation limits the types of entities that may be  controlling shareholders of a financial institution, as follows:

  • individuals;
  • financial institutions headquartered in Brazil or abroad;
  • other institutions regulated by the BCB; and
  • a holding company that has as exclusive corporate purpose the participation in institutions regulated by the BCB.

The foreign investment in banks in Brazil has recently changed with the enactment of Decree No 9,544/18, Decree No 10,029/19 and specific regulation by the BCB, aiming at reducing bureaucracy, speeding up the authorisation proceeding and stimulating the participation of new players in the financial market.

Before such decrees and regulation were enacted, any increase of foreign participation in financial institutions in Brazil required a manifestation of express interest by the Brazilian federal government and publication of a specific Presidential Decree in this regard. Currently, foreign investors are subject to the same rules mentioned above, which are applicable both to foreign and local investors interested in acquiring an equity stake at a local financial institution.

Banks and Boards of Directors

According to Brazilian laws, as a general rule, it is not mandatory for banks to have a board of directors (conselho de administração) or a permanent board of auditors (conselho fiscal). In case the bank does not have a board of directors, certain responsibilities will fall to the board of officers (eg, approval of specific policies and reports mandated by the regulation).

If the institution has a board of directors, Law No 6,404/76 (the Brazilian Corporations Law) sets forth that the board must have, at least, three members with terms of office lasting up to three years. Regarding the board of auditors, it must have at least three and no more than five members, with terms of office lasting until the following ordinary shareholders’ meeting.


When it comes to committees, certain banks must have:

  • Audit Committee (comitê de auditoria): banks that comply with determined prudential requirements, such as Regulatory Capital (Patrimônio de Referência) equal to or greater than BRL1 billion, must create an audit committee, according to Resolution CMN No 3,198/04. The composition of the committee may vary depending on the participation of the bank in a prudential conglomerate or in case the bank or institutions that are part of its prudential conglomerate are publicly-held corporations. However, the audit committee must have, at least, three members with a maximum term of office of five years, for publicly-held banks, or without term of office, for closely-held banks.
  • Remuneration Committee (comitê de remuneração): pursuant to Resolution CMN No 3,921/10, it is necessary to create a remuneration committee: (i) for closely-held banks, in case the bank is also obliged to create an audit committee (as per the previous item above); and (ii) for publicly-held banks, mandatorily. The remuneration committee must have, at least, three members with fixed term of office, no longer than ten years. Additionally, at least one of the members must be a non-manager member.

Internal Controls Imposed on Banks

Notwithstanding the obligatory committees mentioned above, BCB imposes certain obligations to banks regarding internal controls, internal audit and ombudsman office, which may be performed by independent committees or units. According to Resolution CMN No 2,554/98, banks must implement internal controls structures in order to, among others, segregate the activities assigned to members of the institution so that conflicts of interest are avoided, as well as to adequately monitor areas identified as having potential conflicts of interest.

Furthermore, pursuant to Resolution CMN No 4,879/20, banks must implement and maintain an internal audit activity, which must be continuous, effective and independent of the audited activities, as well as be performed by a specific unit of the institution.

Additionally, financial institutions must incorporate an ombudsman office, under the terms of Resolution CMN No 4,860/20, which cannot be linked to an organisational component of the institution that represents a conflict of interest or of attributions (eg, internal audit and compliance). The bylaws of the financial institution must expressly provide on certain aspects of the ombudsman office (eg, its purpose, activities and attributions).

Corporate Governance in Banks

The Brazilian Federation of Banks (Febraban) and the Brazilian Institute of Corporate Governance (IBGC) have enacted non-binding guidelines to corporate governance in banks. Febraban has edited in 2018 a compliance guide, which establishes:

  • key principles and responsibilities applicable to statutory boards;
  • main topics that the bank’s compliance policies must have;
  • the powers or functions of compliance; and
  • the synergy among compliance and other areas (eg, internal controls or audit committee).

For information on IBGC’s code, see 4.2 Registration and Oversight of Senior Management.

In Brazil, the shareholders’ meeting is the corporate body in charge of appointing the directors of a bank or, in the absence of a board of directors, of appointing the officers. Brazilian Banking Law grants the CMN the power to set forth the conditions for appointing and exercising top management positions in banks.

In view of this, Resolution CMN No 4,122/12 (which will be revoked and superseded by Resolution CMN No 4,970/21 on 1 July 2022) sets forth the conditions to the exercise of statutory or contractual positions in banks. The BCB has to approve the appointment of statutory or contractual managers, which must comply with certain requirements, among which we highlight the following:

  • have unblemished reputation (eg, by means of verification of the existence of criminal proceedings, police investigation, legal or administrative proceedings related to the SFN);
  • be resident in Brazil;
  • evidence technical capacity;
  • certificate their clearance (eg, not be barred by special law, nor convicted of bankruptcy crime, tax evasion or crimes against the SFN);
  • not be declared disqualified or suspended from exercising management positions in financial institutions; and
  • not be declared bankrupt or insolvent, or not have controlled or managed, in the last two years, an institution that was declared bankrupt or in reorganisation.

Compliance with the requirements above must be disclosed in the authorisation proceeding and/or during changes and appointments of managers. Notwithstanding the requirements above, members of the board of auditors, audit and remuneration committees must comply with additional specific requirements, depending on the case.

The officers must be responsible before the BCB for compliance with determined regulatory obligations, including the filing of periodic reports (eg, compliance and reports related to cybersecurity, ombudsman and accounting matters). These obligations are additional to ordinary management functions and cumulation of activities by a given officer should only occur if there is no conflict of interests.

Additionally, IBGC has edited a voluntary code in 2016 called Manual of Juridical-Regulatory Orientation for Financial Institution Managers, which covers the following topics:

  • rules applicable to appointment of statutory board members;
  • regulatory obligations and governance;
  • supervision and regulatory activities of the BCB;
  • crimes related to financial system; and
  • compliance with anti-corruption and socio-environmental responsibilities.

Notwithstanding the foregoing, the BCB may determine the removal of members of statutory or contractual bodies with a term of office in effect if, at any time, circumstances are found that are pre-existing or subsequent to their election or appointment that characterize non-compliance with the conditions listed above.

Additionally, pursuant to Brazilian Banking Law, Law No 13,506/17 and Resolution BCB No 131/21, the BCB is responsible for supervising financial institutions. Any violations of the regulations may lead to the imposition of administrative sanctions, after an administrative sanctioning proceeding has been concluded.

As a consequence, the members of the executive board, board of directors, board of auditors, audit committee and other statutory bodies of banks are subject to administrative sanctions, pursuant to applicable regulations.

In general, the applicable sanctions vary according to the infraction committed. Under Law No 13,506/17, the main penalties applicable by the BCB to managers of banks may involve, separately or cumulatively:

  • public admonition;
  • fine; and
  • ineligibility to act as statutory managers of a financial institution, payment institution or other institutions supervised by the BCB.

Pursuant to Resolution CMN No 3,921/10, banks must implement a remuneration policy for its administration, which shall be compatible with the risk management policy and should not encourage behaviour that increases risk exposure above recommended levels. The remuneration committee, as applicable, and/or, in the last instance, the board of directors, is responsible for supervising the planning, implementation, controlling and reviewing this policy.

With respect to the variable remuneration, the institutions must take into consideration, with regard to the overall amount and allocation of the remuneration, certain factors, such as:

  • the current and potential risks;
  • the institution's overall result, in particular the recurring profit realised; and
  • the institution's capacity to generate cash flows.

Among the criteria to pay variable remuneration to managers, it is necessary, at least, to analyse:

  • individual performance;
  • the performance of the business unit;
  • the performance of the institution as a whole; and
  • the relationship between the three performances listed above.

There is no specific consequence provided by BCB’s rules regarding the breach of the remuneration requirements mentioned above. However, Resolution CMN No 3,921/10 sets forth that BCB is authorised to adopt necessary measures to ensure compliance with the referred Resolution. In this scenario, the regulator may commence an administrative proceeding against the institution and its managers, based on general breach of regulation, under Law No 13,506/18 (see 4.2 Registration and Oversight of Senior Management).

As a final note, due to the impacts of the COVID-19 pandemic, the BCB has imposed certain temporary restrictions regarding remuneration of bank managers. In this sense, Resolution CMN No 4,820/20 expressly prohibited banks from increasing the fixed or variable remuneration of officers, managers, directors or members of the audit committee. This resolution is still in force at time of writing.

Primary Laws

In Brazil, Law No 9,613/20 is the main law governing AML/CTF obligations. The provisions of the law are broad and require specific regulation in order to enable compliance by regulated entities. Therefore, the BCB has enacted Circular No 3,978/20 to regulate, in detail, the AML/CTF obligations applicable to financial institutions.

Thus, Law No 9,613/20 and Circular BCB No 3,978/20 establish that financial institutions must implement an AML/CTF governance structure using a risk-based approach. This structure must be compatible with the risk profiles of the:

  • clients;
  • institution;
  • operations, transactions, products, and services; and
  • employees, partners, and outsourced service providers.

Furthermore, the AML/CTF governance structure for financial institutions must include the:

  • development of internal risk assessments and policies;
  • maintenance of transaction records;
  • implementation of processes for identifying, qualifying and classifying its clients (KYC), partners, employees and outsourced service providers;
  • processes to monitoring, selection and analysis of suspicious transactions and situations (to which the BCB sets forth a non-exhaustive list in Circular Letter BCB No 4,001/20);
  • report of such suspicious transactions and situations to the regulators; and
  • appointment of an officer to be in charge of the AML/CTF controls.

Risk Profile and Risk Assessment

KYC procedures must be compatible with the client’s risk profile, the AML/CTF policy and the internal risk assessment of the institution. The regulation mandates implementation of KYC in three stages:

  • identification of the client;
  • qualification of the client, which involves gathering information required to determine the financial situation of the client, its place of residence or location of its headquarters, and if the client is a politically exposed person; and
  • determining the client’s risk profile.

The report of suspicious transactions and situations is mandatory and must be made to the Financial Activities Control Board (Coaf). In that sense, there are specific transactions that are considered potentially suspicious and must be reported independently of the institution's internal risk assessment, while there are other situations that require an internal assessment in order to determine if the transaction should be reported or not.

Additional Regulations

Without prejudice to the above, there are other laws and regulations that are complementary to the main AML/CTF obligations, such as:

  • Law No 13,260/16 establishes and regulates crimes associated with terrorism acts (including terrorism financing);
  • Law No 13,810/19 and Resolution BCB No 44/20, mandating compliance with sanctions imposed by resolution issued by UNSC; and
  • Resolution BCB No 131/21 sets forth, among other things, specific sanctions applicable in case of breach of AML/CTF obligations by financial institutions.

In Brazil, the depositors are protected by guarantee funds, private, non-profit associations which purpose is to protect depositors of member institutions (as detailed below), contributing to the maintenance of financial stability and preventing systemic crises.

In the event of a decree of intervention or extrajudicial liquidation, depositors are guaranteed receipt of the deposited amount, subject to the limits and guaranteed financial instruments, in accordance with the regulations of the respective guarantee fund.

In Brazil there are two main guarantee funds, the credit guarantee fund (FGC) and credit co-operative guarantee Fund (FGCoop).

Credit Guarantee Fund (FGC)

The FGC is a non-profit civil association with the purpose of protecting depositors and investors of the associated institutions.

FGC is not managed by CMN or BCB. However, under the terms of Resolution CMN No 2,197/95, the bylaws and regulations of FGC must be approved by the CMN. Resolution CMN No 4,222/13 sets forth the FGC Bylaws in Annex I and the FGC Regulation in Annex II.

Protection under the FGC is limited to certain deposits or investments in member institutions. Under the existing regulation, certain institutions are obliged to be members of the FGC, such as Caixa Econômica Federal, multiple banks, commercial banks, investment banks, development banks, credit, financing and investment companies, real estate credit companies, mortgage companies and associations of savings and loans, operating in the country, which:

  • receive demand deposits, in savings accounts or time deposits;
  • accept in bills of exchange;
  • raise funds through the issuance and placement of real estate bills, mortgage bills, real estate credit bills or agribusiness bills of credit; and
  • raise funds through repo transactions having as their object securities issued by affiliated companies.

Subject to the limits established by the FGC Regulation, the following depositor credits are guaranteed by FGC, on an ordinary basis, provided they are held with member institutions:

  • deposits on demand or withdrawable upon prior notice;
  • savings deposits;
  • term deposits, with or without issuing a certificate;
  • deposits held in accounts that cannot be withdrawn by checks, intended for recording and controlling the flow of funds relating to the provision of services for payment of salaries, retirement, pensions and similar;
  • bills of exchange;
  • mortgage bills;
  • real estate credit bills;
  • agribusiness letters of credit; and
  • repurchase transactions that have as their object securities/titles issued after 3 August 2012 by affiliated companies.

Pursuant to the FGC Regulation, the FGC guarantees the total credits of each person against:

  • the same member institution, or against all member institutions of the same financial conglomerate, up to the amount of BRL250,000; and
  • the set of all member institutions up to the amount of BRL1 million for each period of four consecutive years.

Finally, pursuant to the regulation, the following are not covered by the ordinary guarantee:

  • funds that exceed the maximum limits described above;
  • deposits, loans or any other funds collected or raised abroad;
  • transactions related to government interest programs established by law;
  • judicial deposits;
  • any financial instrument that contains a subordination clause, authorised or not by the BCB to be part of the reference equity of financial institutions and other institutions authorised to operate by the BCB;
  • the credits:
    1. (a) held by financial institutions and other institutions authorised to operate by the BCB, supplementary social security entities and social security systems established by the Federal Union, States, Federal District and Municipalities, insurance companies, capitalisation companies, investment clubs and investment funds and institutional investors residing or domiciled abroad; and
    2. (b) represented by shares of investment funds or that represent any participation in the entities referred to in (a) or in the financial instruments owned by them.

Specific conditions apply to term deposits denominated "Term Deposits with Special Guarantee by the FGC (DPGE)".

Credit Co-operative Guarantee Fund (FGCoop)

The FGCoop is a non-profit civil association, with its own legal personality, under private law, nationwide, which allows the recovery of deposits or credits held in individual credit co-operatives and co-operative banks (Bancoob and Banco Sicredi), up to a certain amount, in the event of intervention or extrajudicial liquidation.

FGCoop functions in a similar way as the FGC, provided that the member institutions of the FGCoop are co-operative banks and individual deposit-taking credit co-operatives.

In Brazil, Complementary Law No 105/01 (the “Bank Secrecy Law”) sets forth the general bank secrecy requirements applicable to financial institutions. The Bank Secrecy Law establishes that, as a general rule, financial institutions must keep secrecy of its active and passive transactions and services provided to clients.

Under the following circumstances, financial institutions may disclose information that otherwise would be protected by banking secrecy obligations:

  • the exchange of information between financial institutions, for registration purposes, including through risk management centres;
  • the provision of information contained in the register of issuers of checks without provision of funds and defaulting debtors, to credit protection entities;
  • the provision of information required to identify taxpayers and the global amounts of the respective transactions to the Federal Revenue;
  • the communication, to the competent authorities, of the commitment of crimes or administrative offenses, including the provision of information on transactions that involve funds from any criminal activity;
  • the disclosure of confidential information with the express consent of the client;
  • the provision of information under the terms and conditions established in other situation provided in the Bank Secrecy Law; and
  • the provision of financial and payment data, related to credit transactions and payment obligations performed or in progress by individuals or legal entities, to credit rating agencies, for the formation of credit history, under the terms of a specific law.

Financial institutions must disclose information originally protected by bank secrecy, when such disclosure is mandated by authorities with jurisdiction for the purpose of providing evidence of the occurrence of any illegal act, at any stage of the investigation or judicial process, and especially in the following crimes:

  • of terrorism;
  • illicit trafficking in narcotic substances or related drugs;
  • smuggling or trafficking in arms, ammunition or material intended for their production;
  • extortion through kidnapping;
  • against the SFN;
  • against the Public Administration;
  • against the tax order and social security;
  • money laundering or concealment of assets, rights and values; and
  • committed by a criminal organisation.

In addition, financial institutions cannot oppose the bank secrecy obligation to:

  • the BCB in the performance of its supervisory duties, including the investigation, at any time, of offenses committed by controllers, managers, members of statutory councils and agents, and when carrying out an inquiry in a financial institution subject to a special regime;
  • the Judiciary Branch, preserving its confidential nature by means of restricted access to the parties;
  • the Federal Legislative Branch, limited to the confidential information and documents that, on a reasonable basis, are necessary for the exercise of their respective constitutional and legal powers;
  • tax administration of the Federal Union, regarding the financial transactions carried out by the users of its services;
  • the tax authorities and tax agents of the Federal, State, Federal District and Municipalities, regarding documents, books and records when there is an administrative or fiscal proceeding in progress and such examinations are considered indispensable by the competent administrative authority; and
  • the Brazilian Securities Commission, that may request the competent judicial authority to lift the secrecy with financial institutions of information and documents relating to assets, rights and obligations of an individual or legal entity subject to its disciplinary power.

In that sense, the non-compliance with bank secrecy requirements, such as the breach of secrecy or the omission, unjustified delay or false provision of information required under the Brazilian Bank Secrecy Law, may result in criminal liability, without prejudice of the other applicable sanctions.

As a final note, financial institutions also have to comply with specific laws and regulations regarding privacy and information security in Brazil, including, but not limited to:

  • Law No 12,965/14, which is the Brazilian internet law, and Decree No 8,771/16, which regulates the law, setting forth the principles, guarantees, rights and duties for the use of the internet in Brazil;
  • Law No 13,709/18, called the General Law for the Protection of Personal Data, which governs the processing of personal data, including in digital media, by individuals or legal entities governed by public or private law, in order to protect the fundamental rights of freedom and privacy and the free development of the individual's personality (LGPD);
  • Decree No 10,474/20, that regulates the National Data Protection Authority (ANPD). Under the LGPD, regulation and supervision of the general data protection and information security obligations will be carried out by ANPD; and
  • Resolution CMN No 4,893/21, the main regulation regarding cybersecurity in the banking sector, detailing the cybersecurity policy and the requirements for contracting data processing and storage and cloud computing services by financial institutions.

Prudential Regulation

Generally speaking, prudential regulation aims to establish risk management requirements and minimum capital requirements for financial institutions based on their respective sizes. Prudential regulation aims to prevent risks arising from the activities performed by financial institutions, helping to ensure that any failure of a financial institution does not generate systemic risk in the financial system.

Prudential regulation is based on the premise that smaller institutions do not need to comply with the same rules as larger institutions, although they continue to safeguard prudential requirements. Thus, based on a specific regulatory framework, institutions must comply with certain regulations in order to prevent any failures that could generate risks to the entire SFN.


For purposes of the proportional application of prudential regulation, the CMN segmented, through Resolution CMN No 4,553/17, financial institutions and other institutions authorised to operate by BCB in the following way, considering the size and international activity of the institutions that constitute each segment:

  • Segment 1 (S1): composed of multiple banks, commercial banks, investment banks, foreign exchange banks and savings banks that (i) have a size equal to or higher than 10% of the Gross Domestic Product (GDP); or (ii) carry out relevant international activity, regardless of the size of the institution;
  • Segment 2 (S2): composed of (i) multiple banks, commercial banks, investment banks, foreign exchange banks and savings banks, with a size less than 10% and equal to or higher than 1% of GDP; and (ii) other institutions with a size equal to or higher than 1% of GDP;
  • Segment 3 (S3): composed of institutions with a size of less than 1% and equal to or higher than 0.1% of GDP;
  • Segment 4 (S4): composed of institutions with a size of less than 0.1% of GDP; and
  • Segment 5 (S5): composed of institutions with a size of less than 0.1% of GDP that use a simplified optional methodology to calculate the minimum requirements of Reference Equity (PR), of Level I and Principal Capital, except multiple banks, commercial banks, investment banks, foreign exchange banks and savings banks.

Adherence to Basel III Standards

Brazil, as a member of the Basel Committee, has fulfilled its commitment to apply the Basel III standards to the SFN. Basel III is being implemented through regulations issued by CMN and BCB.

With regard to the proportionality in the prudential regulation applicable to each of the segments, we emphasize that larger institutions that are part of the S1 segment, are subject to full alignment with the Basel III standards, which represent the standards internationally adopted related to banking supervision.

On the other hand, the institutions that are part of Segment S5, for example, are subject to a simplified optional methodology for calculating the minimum prudential requirements and a simplified risk management structure.

Risk Management Rules

In general lines, Resolution CMN No 4,557/17 (which governs the risk management structure and the capital management structure) sets forth that institutions pertaining to S1, S2, S3 and S4 must implement:

  • continuous and integrated risk management framework;
  • ongoing capital management structure; and
  • information disclosure policy on (i) continuous and integrated risk management framework; (ii) ongoing capital management structure, (iii) the calculation of the amount of risk-weighted assets (RWA), (iv) the adequacy of the PR, (v) liquidity indicators, (vi) the Leverage Ratio (RA), and (vii) the management remuneration policy.

Such risk management structures should be:

  • compatible with the business model, the nature of the operations and the complexity of the institution's products, services, activities and processes;
  • proportional to the dimension and relevance of the exposure to risks, according to criteria defined by the institution;
  • appropriate to the risk profile and systemic importance of the institution; and
  • able to assess the risks arising from macroeconomic conditions and of the markets in which the institution operates.

In its turn, institutions pertaining to S5 must implement a simplified framework for ongoing risk management, which is governed by Resolution CMN No 4,606/17.

Quantity and Quality of Capital Requirements

According to Resolution CMN No 2,099/94, among others, the following minimum limits for corporate capital are applicable:

  • BRL17.5 million for commercial banks and commercial portfolios of multiple banks;
  • BRL12.5 million for investment banks, development banks, corresponding portfolios of multiple banks and savings banks; and
  • BRL7 million for foreign exchange banks, credit, finance and investment companies, real estate credit companies, leasing companies, as well as the corresponding portfolios of multiple banks.

It is important to notice that other types of financial institutions or institutions authorised by the BCB, such as mortgage companies, securities brokerage companies, broker dealer companies and exchange brokerage companies are subject to specific share capital limits.

Moreover, Brazilian banking regulation also sets forth requirements related to the quality and composition of capital, which must be observed by financial institutions.

Liquidity Requirements

In general lines, the Basel III standards advises the adoption of two different types of liquidity index:

  • a short-term liquidity index, called the Liquidity Coverage Ratio (LCR), which aims to ensure the liquidity condition within a 30 days period; and
  • a long-term liquidity index, called the Net Stable Funding Ratio (NSFR), which aims to ensure the liquidity condition within a one year period.

The LCR was adopted in Brazil, with large institutions being required to maintain a daily ratio between liquid assets and obligations maturing in the subsequent 30 days equal to at least one. Resolution CMN No 4,401/15 imposed such a limit for financial institutions or conglomerates pertaining to S1 (as described above). The calculation of the LCR is provided by Circular BCB No 3,749/15, which divides the assets according to decreasing liquidity criteria. The standard provides for categories of assets used only partially for the calculation of the index, given their degree of relative liquidity, through the application of weighting factors (for example, certain bonds and stocks).

In its turn, with regard to the NSFR, Resolution CMN No 4,616/17 establishes that financial institutions pertaining to S1 must calculate the NSFR and permanently comply with the minimum limit established by the regulation.

Moreover, Resolution CMN No 4,557/17 Re determines that the liquidity risk management activity must be executed by a unit segregated from those responsible for business and internal audit, subject to an institution's responsible officer, who is in charge of monitoring, evaluating and managing risks.

Banks are subject to special regimes in situations that involve insolvency or other types of crises. The main special regimes are listed below:

  • intervention (intervenção) and extrajudicial liquidation (liquidação extrajudicial), as provided by Law No 6,024/74; and
  • Special Temporary Administration Regime (Regime de Administração Especial Temporária - RAET), as provided by Decree-Law No. 2,321/87.

Intervention and Extrajudicial Liquidation

Financial institutions are subject, under the terms of Law No. 6,024/74, to intervention or extrajudicial liquidation, in both cases performed and decreed by the BCB.

Intervention can occur in one of the following situations:

  • losses resulting from mismanagement that subjects its creditors to risks;
  • repeated breaches of the applicable banking laws that are not remedied after determination by the BCB; and
  • if the institution carries out activities that could trigger a bankruptcy, pursuant to Law No 11,101/05 of the Brazilian Bankruptcy Law.

Extrajudicial liquidation may be decreed when:

  • evidenced deterioration of the economic or financial condition of the institution, in particular when it fails to timely pay its debts or carries out activities that could trigger a bankruptcy;
  • serious breach of legal, regulatory or statutory rules, by the institution’s management or breach of the CMN or BCB requirements;
  • if the institution suffers losses the subject its unsecured creditors to an abnormal risk;
  • if the institution is not liquidated after its authorisation to operate is revoked; and
  • at the justified request of the management, provided they have powers and authority to do so, or at justified request of the intervenor (interventor).

In the intervention regime, which shall not exceed six months (extendable for another six months), the BCB appoints an intervenor with broad management powers (provided that certain acts must be previously approved by the BCB, such as hiring and firing of employees). The interventor must prepare a report to the BCB indicating the financial and economic situation of the institution and the damaging acts and omissions that were identified. The intervention ceases:

  • if the interested parties present the required collateral/guarantees to the BCB and resume the institution's economic activities;
  • when, at the discretion of the BCB, the institution's situation is normalised; or
  • if the extrajudicial liquidation or bankruptcy of the institution is decreed.

Similarly to intervention, in the extrajudicial liquidation, the BCB must appoint a liquidator with broad management and liquidation powers, including the powers to hire and fire employees (provided that certain acts must also be previously approved by the BCB, such as encumbering or selling assets by auction). The liquidator must prepare a report with the same terms applicable to the intervenor. The extrajudicial liquidation ceases by:

  • a decision by the BCB if certain situations set forth in Law No 6,024/74 take place (eg, payments to unsecured creditors or transfer of bank’s corporate control); and
  • a decree of bankruptcy.

The term of office of managers, members of the board of auditors or any other bodies created by the institution's by-laws is suspended in case of intervention or terminated in case of extrajudicial liquidation.

Additionally, all assets pertaining to managers of institutions under intervention, extrajudicial liquidation or bankruptcy will become unavailable and such persons will not be able, by any means, directly or indirectly, to dispose of or encumber such assets, until their liabilities are determined and settled. The unavailability of assets may be extended to the:

  • assets of sub-managers (gerentes), fiscal auditors and all those who, up to the limit of their estimated liability, have contributed, in the prior 12 months, to the decree of intervention or extrajudicial liquidation; and
  • assets sold by managers or any of the persons listed above to third parties, in the prior 12 months, provided that the acquisition of such assets is under strong suspicion of having been made with the purpose of breaching the law.

The persons subject to unavailability of assets may not be absent from the venue of the intervention, extrajudicial liquidation or bankruptcy proceeding without prior and express authorisation from the BCB or the bankruptcy judge.

The institution's managers and members of the board of auditors shall be liable for their acts or omissions.

Furthermore, all managers are jointly liable for the obligations undertaken during their management until they are discharged.

As a final note, Law No 9,447/97 extended to the direct or indirect controlling shareholders of a financial institution subject to intervention, extrajudicial liquidation or RAET, the joint and several liability of controlling shareholders under Law-Decree No 2,321/87 and the unavailability of assets under Law No 6,02417 and Law-Decree No 2,321/87.

Special Temporary Administration Regime (RAET)

A RAET has the purpose of interrupting the ordinary management of a financial institution in the following events:

  • repeated performance of transactions contrary to the guidelines of economic or financial policy determined by federal law;
  • existence of unsecured liabilities (passivo a descoberto);
  • reckless or fraudulent management;
  • breach of regulations related to bank settlement accounts (conta de reservas bancárias); and
  • occurrence of any situations that may trigger intervention.

Decreeing a RAET does not affect the regular course of the institution's business or its normal operation and shall have, immediately, the effect of terminating the mandates of managers and fiscal auditors.

During a RAET, the BCB will appoint statutory members, establish attributions and practice intervention acts. All the provisions, remedies and liability-promoting measures applicable to managers in intervention and extrajudicial liquidation are applicable in case of a RAET as well.

Once a RAET is decreed, the individuals or legal entities that control the institution, regardless of intent or fault, are jointly liable with the former managers for the obligations undertaken by the latter. The joint liability resulting from the corporate control is limited to the amount of the institution's unsecured liabilities, assessed in a balance sheet that will have as its base date the day when a RAET was decreed.

FSB Key Attributes of Effective Resolution Regimes

As a final note, it is worth mentioning that BCB has sent in 2019 the Bill of Complementary Law No 281 (“Bill No 281/19”), which reflects the Financial Stability Board Key Attributes of Effective Resolution Regimes.

Bill No 281/19 aims to adopt the Key Attributes, seeking convergence to the international standard for resolution regimes, designed to provide national authorities with tools to resolve systemically relevant financial institutions in an orderly manner, without interrupting the provision of their critical functions to customers and the economy as a whole.

At the moment, Bill No 281/19 is still under analysis in the Chamber of Deputies.

In the past few years, the Brazilian financial industry has gone through substantial changes, including the promotion of several initiatives aimed at encouraging the entry of new participants in the market and also the development of instant payments (“Pix”) and open banking.

Additionally, the BCB has adopted standards that are usually in line with international regulatory frameworks implemented in well-developed jurisdictions (in particular the regulatory framework set forth by PSD2 in the European Union), as it can be noticed by the regulations governing open banking and Pix.

It is worth mentioning that the BCB has stated its purpose of promoting financial inclusion, competitiveness, transparency, financial education and sustainability in a public document entitled Agenda BC#, which focuses on resolving structural challenges of the SFN by, among other measures, fostering technological innovation in the local market.

In this sense, we have summarised below the main upcoming regulatory developments expected to have an impact on the Brazilian financial system, such as the full implementation of Pix, open banking and the Brazilian Central Bank Digital Currency (CBDC).

Instant Payments – Pix

Pix is the Brazilian instant payments payment scheme, launched on 16 November 2020. In its turn, instant payment is an electronic money transfer in which the transmission of the payment order and availability of funds to the receiving user takes place in real time and whose service is available 24 hours a day, seven days a week, every day of the year.

It is worth mentioning that BCB plays three important roles within Pix:

  • regulator’s role (ie, defining the operating rules of Pix);
  • payment arranger (operating in a similar way as the card networks operate in their respective payment schemes); and
  • party in charge of the instant payment settlement system.

Pix aims to improve customer experience on carrying out payment orders, both as payor and as payee. From the point of view of payors, the regulator intends to let instant payments be as easy, simple and fast as making a cash payment. On the other hand, from payees’ perspective, the purpose is to reduce costs of offering payment methods, among others.

As a general rule, financial and payment institutions authorised by the BCB with more than 500,000 active client accounts (considering demand deposit accounts, savings deposit accounts and prepaid payment accounts) were obliged by the regulator to participate in the Pix payment scheme, offering the possibility of carrying out Pix transactions to their respective clients.

Despite its relatively recent launch, according to information provided by the BCB on 17 May 2021, more than 83 million individuals and more than 5.5 million companies have already adopted Pix. Since its launch, approximately 75 million Brazilians have used Pix, either to pay or receive. In other words, 45% of the adult population in Brazil has used Pix at some point. In April 2021, the amount of Pix surpassed the amount of conventional wire transfers (TED and DOC), checks and bank slips (boletos de pagamento) combined. Transactions carried out by Pix (totalling BRL1,547 billion by May 2021) were already responsible for a transacted amount of more than BRL1,109 trillion.

Although Pix was launched in the end of 2020, the BCB has been continuously developing new features and products associated to it, as well as improving mechanisms to prevent frauds and facilitate the cancellation of transactions.

Open Banking

Under Brazilian regulation, open banking is defined as the “standardized sharing of data and services through the opening and integration of systems”. Open banking is based on the assumption that clients are the legitimate owners of their respective data and not the financial or payment institutions that hold it and, thus, have the right to share such data with third parties which may offer new products and services.

In 2020, the CMN and the BCB enacted the Joint Resolution CMN and BCB No 1/20 and Circular BCB No 4,015/20 to officially regulate and implement open banking in Brazil.

The Brazilian open banking regulation only allows the direct participation of regulated institutions. As a general rule, participation in the open banking ecosystem for purposes of account information services is mandatory for regulated institutions that are part of prudential conglomerates under Segments 1 and 2 (which includes the largest financial institutions in Brazil).

Beyond data sharing, open banking also encompasses payment initiation services, which enables the initiation of a payment transaction, ordered by the client, related to a deposit or prepaid payment account, held by the same client in a different financial or payment institution.

Participation in the open banking ecosystem for purposes of payment initiation services is mandatory for authorised financial institutions and payment institutions that offer deposit accounts and prepaid payment accounts to clients, respectively, and also to payment initiation services providers (PISP).

Open banking in Brazil is being implemented in different stages, from February 2021 to September 2022.

Moreover, it is worth mentioning that local regulators are working on the implementation of the so-called open finance in Brazil (ie, the joint implementation of open banking and open insurance). In view of that, in July 2021, the Superintendence of Private Insurance has published Resolution CNSP No 415/21 and Circular SUSEP No 635/21, which provide guidelines for the implementation of the open insurance system.

In line with open banking, open insurance is expected to be implemented gradually, in different stages.

Once fully implemented, open finance promises to significantly change the financial and payments industry, promoting a more competitive and efficient market.

Financial and Technology Innovations Laboratory (LIFT)

The Financial and Technology Innovations Laboratory (LIFT) was launched by BCB in May 2018. LIFT is a joint initiative by the National Federation of the BCB’s Civil Servants Associations (Fenasbac), counts with the support of large tech companies, and it aims to promote the collaboration between academia, market, technology enterprises and fintechs towards technological innovation in financial activities.

People and enterprises interested in being part of LIFT can submit their projects, which should be consistent with the matters defined by the committee composed by the BCB, IT enterprises and Fenasbac. Projects that are selected will be submitted to an incubation process and receive support for the development of a prototype. LIFT comprises LIFT Lab and LIFT Learning.

LIFT Lab focuses on enterprises and/or people interested in bringing new ideas of entrepreneurship to the financial market and that just need a small boost to achieve their goals.

LIFT Learning focuses on partnerships with universities and research centres to foster innovation among young students, concentrating on projects that involve academic representatives in the discussion of challenges originated from activities carried out in the SFN. LIFT’s initial editions comprised, as finalists, 12 projects in 2018, 17 projects in 2019, 21 projects in 2020. In the 2021 edition, 11 projects were selected and are participating in the LIFT Lab, with the support of technology companies.

It is worth mentioning that LIFT was considered a type of sandbox (called a sectoral sandbox), driven by the BCB before launching its official regulatory sandbox (as detailed below). The sectoral sandbox supports the testing of innovative solutions before going to market, regardless of whether these solutions are regulated or not. For this reason, it does not provide access to any type of regulatory exemption.

The sectoral sandbox aims to create a space for fintechs and financial institutions to collaborate on development of new products and proofs of concept in an environment outside the market and without actual clients.

Regulatory Sandboxes

Similar to other well-developed jurisdictions, such as the United Kingdom, the Brazilian regulatory sandbox is a controlled and limited environment that allows companies to test their projects and to innovate. The objectives of the regulatory sandbox are to boost innovation, develop new projects and promote competitiveness in the financial system. At the same time, the regulatory sandbox leads to the creation of a modern regulation adapted to innovation and new financial/payment products. Usually, the financial system and innovation are many steps ahead from regulation and the regulatory sandbox aims to reduce this distance.

In Brazil, the idea of creating a regulatory sandbox started to be discussed by the BCB primarily to incentivise and facilitate innovation and product development, but also with the objective of adapting the Brazilian regulation to new business models.

Regulatory sandboxes in Brazil may be created by different regulators, depending on the specific sector in which the initiative is implemented. As a consequence, Brazil has regulated in the recent past different regulatory sandboxes, according to the respective jurisdictions of the regulators. The BCB’s regulatory sandbox is applicable to both financial and payment systems. In addition, there are other regulatory sandboxes created by the Brazilian Securities and Exchange Commission (CVM), which is applicable to the capital market, and by the Brazilian Private Insurance Superintendence (Susep), that applies to the private insurance market.

The three different regulators mentioned above exchange information and experiences to deal with certain types of projects, particularly when there are products or activities that are subject to jurisdiction of more than one of those regulators.

Additionally, it is worth mentioning that CMN and BCB recently established the guidelines for the operation of the regulatory sandbox, also called "Controlled Tests Environment for Financial and Payment Innovations", by means of Resolutions CMN No 4,865/20 and BCB No 29/20.

In the BCB’s point of view, the regulatory sandbox is an environment in which entities from the financial or payment industries will be licensed to test, for a specified period of time, an innovative project. In order to benefit from the regulatory sandbox, the project has to employ technological innovation or promote alternative use of existing technology, bringing improvements to the financial industry, such as gains of efficiency, reduction of costs or increased security.

Blockchain Projects

The BCB has been developing new projects with the use of the blockchain technology, amongst which are the Regulatory Entities’ Information Integration Platform (in Portuguese, Plataforma de Integração de Informações das Entidades Reguladoras – PIER) and the Alternative System for Transactions Settlement (SALT).

PIER is a blockchain-based technology that aims to facilitate the exchange of information among the BCB, CVM and Susep. PIER was launched on 1 April 2020, and has the potential to aggregate a variety of databases from other public entities, such as information from the judiciary, boards of trade and international financial stability bodies.

In its turn, SALT aims to be a contingent solution that would be able to immediately replace core functionalities of the main Brazilian Real Time Gross Settlement System in case of its full collapse. SALT is still just a conceptual project and it has no perspective of implementation yet.


In 2021, the BCB published the guidelines associated with the development of the CBDC in Brazil (Real Digital), encompassing its operation, legal guarantees and technological assumptions.

According to the BCB, the Brazilian CBDC will focus on technology and aims to stimulate innovative business models and its usage in retail. The distribution model to be implemented is intermediated. This means that the BCB will issue the CBDC and it will be passed to the end user through the participants of the payment system, as occurs today with the Real physical bills.

With the CBDC, the BCB aims to promote the application of new technologies, such as smart contracts, IoT (Internet of Things) and programmable money, in new business models, which may increase the efficiency of Brazilian financial and payment systems.

The legal framework will be adjusted in order to provide the legal guarantees to the CBDC, which shall be in accordance with the requirements of the Law No 13,709/18 (the General Law for the Protection of Personal Data) and Law No 9,613/98 (the Anti-Money Laundering Law).

Cascione, Pulino e Boulos Advogados

Avenida Brigadeiro Faria Lima
No. 4440, 14th floor
São Paulo

+55 (11) 3165 3000
Author Business Card

Law and Practice


Cascione, Pulino e Boulos Advogados is a full-service law firm dedicated to providing the highest quality legal services to domestic and foreign clients operating in all major sectors of the Brazilian economy and is recognized as one of the best business law firms in Brazil in several practice areas. The firm's banking and finance department is best known for its strong technical knowledge, personalised service, multidisciplinary analysis and direct involvement of partners. Cascione, Pulino e Boulos Advogados' strong background in banking and finance has placed the firm in a privileged position to provide legal advice to financial and payment institutions.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.