Contributed By Fialdini Advogados
2020 was expected to bring a number of changes to the fintech market, many of which were halted or postponed due to the COVID-19 pandemic. Even so, in November 2020 Brazil successfully managed to implement its instant payments system, named PIX.
PIX is a Brazilian Central Bank-hosted system intended to speed up the availability of funds to the payee, lowering costs and increasing safety. The instant payments ecosystem is expected to reduce the number of intermediaries in the payment chain, favouring a lower acceptance cost and promoting financial inclusion. The enriched data processed along with the payment order will also enable the development of integrated technological solutions and the emergence of new business models, leveraging the market competitiveness and efficiency.
By mid-December 2020, only one month after its launch, approximately one third of all bank account holders in Brazil were voluntarily enrolled to use the instant payments system, and PIX transactions represented about 40% of all banking transfers in Brazil, showing its amazing potential as a payment method.
Unfortunately, the implementation of the first phase of the open banking system, which was expected to bring a whole new range of possibilities for the payments and credit markets, was postponed to February 2021, but the legal framework is already in place and no further postponement is expected.
The new receivables registration system that was expected to enter into force in 2020 was also postponed to June 2021. The system will allow each sales transaction to be registered at a central system and offered as security independently. By keeping a ledger of each registered security, that receivables register system will increase the safety and reliability of the guarantees and create a more beneficial scenario for credit granting.
As per the regulatory sandboxes to encourage innovation, both the Securities and Exchange Commission (CVM) and the Brazilian Central Bank selection processes will take place during the first semester of 2021.
The Superintendence of Private Insurance (SUSEP), on the other hand, has already selected two projects to be developed within its sandbox and is analysing a number of other projects, which are likely to boost the insurtech market.
In parallel, CVM continues to work on a bill to simplify the structure of Credit Rights Investment Funds, especially with regard to fund custody and administration.
All those initiatives show alignment with market trends and proactivity from regulators in Brazil, favouring an innovation environment in the near future, where infrastructure, customer experience and data protection will probably be the biggest challenges.
The predominant players in the payments market are prepaid and postpaid card issuers on one side, and acquirers, sub-acquirers and independent sales organisations (ISOs) on the other side. Sub-acquirers have diversified in the recent past, but the current tendency is for them to concentrate on specific niches or to offer white-label solutions to retail and credit rights investment funds, on an acquirer-as-a-service model. Wallet service providers are becoming more and more popular, and tend to flourish when instant payments are operational.
In the financial market, digital banks are becoming more and more popular, especially amongst younger customers, along with platform-only credit institutions (known as Sociedade de Crédito Direto or SCD), most of which offer a bank-as-a-service model. However, the granting of loans through online platforms supported by “traditional” (non-fintech) banks is still a broadly used alternative. Crowdfunding loan brokers (Sociedade de Crédito entre Pessoas or SEP) are still less popular, with only nine Central Bank authorised entities so far.
The Monetary Council (CMN) and the Brazilian Central Bank regulate both financial and payments markets participants, including financial institutions (such as digital banks, SCD and SEP), card networks, issuers and acquirers.
CVM regulates the stocks and securities markets, as well as investment funds.
SUSEP regulates private insurance markets, including insurtech.
The Administrative Council for Economic Defense (CADE) regulates competition issues.
Financial services are usually subject to interest rates and/or fees (subject to restrictions in some cases). Tax on financial transactions (IOF) is also due on credit and exchange transactions.
Regarding payment services, e-wallet and card issuers are remunerated through usage fees and late-payment interest on any overdue amounts. Acquirers and sub-acquirers receive compensation from merchants through the merchant discount rate (MDR), the early payment of receivables and the assignment of credits, which affect customers indirectly.
Regulation is based on the type of activity and transaction volumes. There is no difference between newcomers and legacy players.
All major regulators – CVM, the Brazilian Central Bank and SUSEP – have defined the implementation of regulatory sandboxes.
Enrolment for the SUSEP programme took place during July and August 2020. Two participants have been selected and other nine projects are awaiting analysis.
Enrolment for the CVM programme took place from November 2020 until mid-January 2021 and the projects will be selected by April 2021.
Enrolment for the Brazilian Central Bank programme starts on 22 February and ends on 19 March 2021. Up to 15 projects will be selected by June 2021.
This first sandbox cycle is intended to encourage innovation, and new cycles are likely to come if the first experiences prove successful.
The CMN and the Brazilian Central Bank regulate participants in both the financial and payments markets.
CVM regulates the stocks and securities markets, as well as investment funds.
SUSEP regulates private insurance markets.
CADE regulates competition issues. When such issues involve financial or payments entities, both the Brazilian Central Bank and CADE are expected to act jointly.
Regulated entities normally need to have a robust structure in order to comply with all legal requirements. In view of that, the “as a service” model is growing quickly.
There are a few mandatory requirements for those entities acting as bank correspondents, in order to make sure the financial services are provided exclusively by the authorised institution, and that the outsourced entity is simply an intermediary.
In the payments market, obligations on outsourced entities come mostly from the card network rather than from the regulator. For instance, the only rules applicable to sub-acquirers are those imposed by the card networks, as they are not subject to regulation by the Central Bank. There are no significant card network obligations for ISOs.
Outsourcing is not always the most cost-effective option, but depending on the volume and the business model it might be the most suitable alternative to being a regulated entity.
Fintech providers are subject to anti-money laundering, anti-bribery and data privacy rules and, in most cases, are required to report any wrongdoings to the relevant authority.
Regulator interference is more common with regard to financial institutions in difficulties, anti-competitive practices and unlawful acting in the securities market.
However, the regulators do intervene when there is significant risk to the market. For instance, even though sub-acquirers are not directly subject to regulation, after a few cases when some of them failed to pay merchants the Brazilian Central Bank changed its rules to make it mandatory for larger sub-acquirers to pay merchants through a clearing chamber rather than by making payments directly.
Like any other entity, regulated players are subject to the general rules of law. Regulators, however, usually require a deeper level of compliance with regard to issues such as anti-money laundering, anti-bribery and cybersecurity, for instance.
Non-regulated entities are subject to the general rules of law only.
Market associations usually have specific self-regulatory codes of conduct and guidelines. Depending on the company’s size, field and ownership, they may also be subject to external audits, international accountancy rules and foreign anti-money laundering, anti-bribery and data privacy rules.
It is relatively common for the same company to offer regulated and unregulated products and services. A broader offering is welcomed by regulators, with a few exceptions – mostly when the services and products offered may give rise to conflicts of interest.
Robo-advisers are not specifically regulated in Brazil. CVM applies the same fiduciary duties to robo-advisers as it does to guide human advisers, but that approach brings fragilities, especially in the fulfilment of the duties of suitability, disclosure and loyalty. The soon-to-be-implemented sandbox may help address such issues to increase investors’ protection without threatening the development of these technologies.
As there is no specific regulation regarding robo-advisers, the implementation of such solutions depends on each player.
The use of standard questionnaires for obtaining information about the investor and the definition of a risk profile may lead to misguided investment recommendations. There are also potential conflicts of interest, as the algorithms may be programmed to benefit the provider or the broker in such situations. The performance of robo-advisers in crisis scenarios is also a sensitive issue.
Some financial institutions classified as Microentrepreneur Credit Companies (Sociedades de Crédito ao Microempreendedor e à Empresa de Pequeno Porte or SCMEPP) are only entitled to grant loans to individuals and micro and small companies – ie, companies with annual income of up to BRL4.8 million. They are subject to fewer regulatory obligations compared to “regular” financial institutions.
In 2019 a law was passed creating a special kind of company: the Simplified Credit Company (Empresa Simples de Crédito – ESC), which is the only non-financial institution legally entitled to provide loans. This kind of company is not subject to regulation by the Central Bank but does have a very limited scope: ESCs can only be formed by natural persons and lend money to micro and small companies incorporated in the same city as the ESC or in surrounding cities with self-funding.
Regulators impose "know-your-customer" procedures with regard to anti-money laundering, and require participants to formalise risk policies, but procedures for the assessment of the creditworthiness and risk of potential customers are defined by each institution.
Self-funding, loans, securities, assignment of credits, seed funds and venture capital are the main sources of funds for loans. The Central Bank regulates the provision of funds by financial institutions, and CVM regulates funding through the securities market.
Some crowdfunding loan brokers (SEP) offer the possibility of more than one lender granting loans to the same borrower, but loan syndication is not a common structure for the fintech markets in Brazil.
The settlement of transactions amongst financial institutions, amongst issuers and acquirers, amongst acquirers and sub-acquirers and amongst acquirers and merchants must take place through settlement chambers authorised by the Brazilian Central Bank. Currently, the chamber used by those players is the Câmara Interbancária de Pagamento – CIP.
Sub-acquirers that process more than BRL500 million per year in transactions are also obliged to pay their merchants though CIP.
Unregulated players and sub-acquirers that operate below the threshold can use any payment rail.
Every transaction is carried out through currency exchange agreements with entities authorised by the Brazilian Central Bank to operate in the currency exchange market.
All fund administrators are subject to regulation by CVM and must be authorised to act as such by the regulator.
Regulations impose strict rules of conduct on fund administrators, focusing on transparency, loyalty and compliance with the terms agreed upon with clients. Any benefits or advantages obtained by the fund administrator must be transferred to the portfolio, except for those specifically provided for in the fund rules.
In addition, the Brazilian Association of Financial and Securities Markets Entities (ANBIMA) imposes rules on its participant entities regarding internal controls, compliance, conflicts of interest, privacy rules and data protection, contingency plans, cybersecurity and outsourcing. Participants must abide by the rules and procedures to enable the monitoring, measurement and adjustment of operational, liquidity and credit risks, and disclose periodical information to their clients, the association itself and the regulator.
Marketplaces that intermediate payments and currency exchanges are subject to regulation from the Brazilian Central Bank. Currency exchanges must obtain approval from the Brazilian Central Bank prior to operating, but marketplaces are only subject to regulation after reaching specific volume thresholds.
Securities exchanges such as stock exchanges, organised and unorganised over-the-counter exchanges and crowdfunding platforms are subject to regulation by CVM.
Currency exchange is subject to regulation by the Brazilian Central Bank, while securities exchange is subject to regulation by CVM.
Cryptocurrency exchanges are not regulated in Brazil. Both the Brazilian Central Bank and CVM have issued public statements that they are following up on the market and will intervene only if they believe there is significant risk to the market.
Investment in crypto-assets by investment funds is not forbidden, but raises additional concerns with regard to unlawful transactions, money laundering and fraud, as well as pricing issues.
Initial coin offerings (ICOs) might be compared to the issuing of securities and, as such, are subject to prior approval from CVM.
The Brazilian Federal Revenue Office considers cryptocurrency as a financial asset that must be declared on the income tax filing, and which is subject to taxation in case of capital gains.
In addition to the basic listing segment, the Brazilian Stock Exchange (Brasil Bolsa Balcão – B3) has special segments for differentiated corporate governance levels, which are Novo Mercado (the highest level of corporate governance, allowing the issuing of stocks with voting rights only), Level 2 (which allows the issuing of non-voting stocks), Level 1 (with the lowest requirements in relation to Novo Mercado and Level 2) and B+ and B+ Level 2, which are focused on small and mid-caps.
Participants are required by regulation to establish order execution rules, procedures and internal controls to ensure they obtain the best possible result available on the market in filling a customer’s order and that customers are consistently informed of the differing venues on which an order may be executed.
Only small companies (with annual revenue of up to BRL10 million) are entitled to use peer-to-peer trading platforms, and are entitled to obtain up to BRL5 million. The platforms should be authorised to operate by CVM, but the issuing itself is not subject to prior authorisation.
Participants are bound by regulation to execute customer orders pursuant to the specific instructions provided, or, in the absence thereof, on a best execution basis.
For assessment and determination as to best execution, the participant must take into account factors such as price, costs, speed of execution, certainty of execution and settlement, order size, nature and other criteria relevant to the execution of the order.
Payment for order flow is customary and is not prohibited. However, intermediaries are required to maintain and disclose order execution rules addressing their methodology and criteria for order executions and trade allocation, as well as factors determining choice of execution venue and trading system when not specifically instructed by a customer.
The main applicable principle is that of full and fair disclosure, so that everyone has access to the same information at the same time. All relevant information must be disclosed to CVM and the relevant exchange, and be informed to the general public though the company’s website and through a printed paper and/or news portal.
There is no specific rule regarding the creation and usage of high-frequency and algorithmic trading. The use of automated systems or algorithms by fund administrators is subject to the same rules as apply to human-based trading.
There is no specific regulatory regime on high-frequency and algorithmic trading platforms, but all market makers must be duly registered at B3. Each market maker may be accredited to act with one or more assets.
Market makers must comply with obligations related to the minimum amount of each offer, as defined by B3. Purchase and sales price offers must fall within a pre-defined spread, which varies according to each asset.
Offers from market makers compete equally with other offers, but B3 may grant some benefits to incentive the market maker activity, such as the exemption of fees.
Funds are regulated by CVM, while dealers are regulated by the Brazilian Central Bank, but there is no specific regulation on high-frequency and algorithmic trading.
Programmers who develop and create trading algorithms and other electronic trading tools are not subject to specific regulation.
All individuals and entities that prepare analysis reports regarding securities to be disclosed to the public – even if for clients only – are subject to accreditation by an entity authorised by CVM.
Participants are required to abide by a code of conduct and commit to use only trustworthy and legitimate information, subject to penalty.
The platform usually moderates any content posted by users, and may remove unacceptable comments.
In the underwriting process, rules and guidelines previously established by each insurance company in line with their internal policies are taken into consideration when assessing the risks involved and deciding whether to accept or refuse insurance proposals, as well as for the proper setting of premiums, conditions for contracting, coverage and limitation of liability for indemnity purposes.
There has been an increasing use of technological solutions for the collection, organisation and analysis of statistics and the creation of rules and guidelines upon which the underwriting processes will be based, as well as for the execution of the underwriting process itself.
Legislation does not regulate the underwriting process, so insurance companies are free to establish the criteria to be observed, provided that they act in compliance with the general rules applicable to the insurance market. However, in case of refusal of an insurance proposal, SUSEP requires the insurance company to notify the proponent of the results of the assessment and the reason for such refusal.
The insurance market in Brazil adopts an extensive classification of types of insurance, all of which are subject to a set of rules that applies irrespective of the type, as well as to general rules of law such as consumer protection, data privacy and anti-money laundering rules. However, each type of insurance is subject to additional specific rulings. and standard contractual terms defined by SUSEP shall apply in certain cases (such as guarantee insurance and general civil liability insurance).
Every product offered in the insurance market is subject to registration with the regulator. The registration procedure is expedited for those products to which standard contractual terms apply. Occasional changes are permitted, as well as the inclusion of coverage and of specific conditions, but these are subject to prior approval by the regulator.
A Special Committee for Innovation and Insurtech was created in 2017 to promote debate amongst participants of the insurance market on relevant themes relating to technology and innovation, aiming to improve regulation. There has been no relevant change so far, but SUSEP is currently selecting projects under a regulatory sandbox that may boost innovation in the insurance market.
Regtech providers are not subject to regulation in Brazil.
The regtech market is still in development. As it is strongly based on automation, machine learning and AI, the great challenge is to keep up to date with the market regulation in constant change.
Liability before the regulator will always fall upon the regulated participant, but regtech providers may contractually respond for damages.
There is currently a significant movement for the adoption of blockchain technology by the financial market players, including for the internal use of regulators.
Regulators are evaluating the possibility of using blockchain technology for their internal affairs and for some financial products. There are also study groups in place analysing potential regulation for the use of blockchain to register securities.
Blockchain assets are not yet regulated in Brazil. The great challenge is to have Congress pass a law acknowledging blockchain assets as valid and enforceable assets, after which regulators would be entitled to issue rulings for the use thereof.
Blockchain assets are not yet regulated in Brazil.
Blockchain assets are not yet regulated in Brazil.
Blockchain assets are not yet regulated in Brazil.
Virtual currencies are acknowledged by the Brazilian Federal Revenue Office as financial assets, regardless of the technology in which they are embedded – blockchain or otherwise. As such, cryptocurrency assets must be declared on the income tax filing and are subject to taxation in case of capital gains.
Blockchain assets, on the other hand, are not yet acknowledged in Brazil.
Decentralised finance platforms are not subject to specific regulation in Brazil.
Regulation on open banking enables the sharing of registration and transactional data from individuals or legal entities through a secure system, at the customers’ discretion.
Regulation from the Brazilian Central Bank provides for the scope of data and services to be shared, the participating institutions, the client's consent and the procedures and controls for costumer’s authentication. It also establishes rules and principles for the dedicated interfaces to be used by participating institutions, which shall agree to commit to a convention defining technical standards and operational procedures for open banking implementation.
Participating institutions are responsible for ensuring the reliability, integrity, availability, security and confidentiality of data and services they share, as well as for meeting customer demands and supporting other participants.
Open banking in Brazil will be implemented gradually, from February 2021 to December 2021, as follows:
Besides allowing financial services to be integrated in the customer’s digital journey, open banking also aims to reduce information asymmetry between financial services providers, thus favouring the emergence of new business models as comparison platforms for financial products and services, financial advisory, financial management and user-friendly payment initiation procedures, among others.
However, that raises concerns as to how data will be captured, kept and treated by technology providers and to what extent banks will be held liable in the event of misuse by third parties, undue disclosure and data leakage.