BRAZIL Law and Practice Contributed by: Eduardo Castro, Pedro Nasi and Gabriel Libanori, Machado, Meyer, Sendacz e Opice
12. Fraud 12.1 Elements of Fraud
• secure interoperability, supported by standardised application programming interfaces (APIs), cyber - security protocols and operational requirements; and • governance and supervision, with oversight exer - cised by the BCB and the open finance govern - ance structure. Institutions that voluntarily extend their participa - tion beyond the minimum requirements may share additional categories of data (such as investment or insurance information) and provide more advanced integrated services. 11.2 Concerns Raised by Open Banking The Brazilian open finance framework imposes robust technological, operational and governance obliga - tions on its participants. Joint Resolution No 1/20 and the open finance protocols establish detailed technological, operational and application program - ming interface (API) standards that must be followed by regulated institutions wishing to participate in open finance. These standards are designed to ensure inter - operability among different financial institutions and to guarantee the secure and efficient exchange of cus - tomer data. In addition to establishing the technical framework, the BCB conducts ongoing certification activities and supervised testing to verify compliance with the secu - rity and performance requirements set forth within the open finance ecosystem. These assessments aim to ensure that participating institutions effectively imple - ment the governance rules, cybersecurity controls, consent mechanisms and data-sharing protocols nec - essary for secure participation in open finance. To guarantee that shared data is protected and accessed solely by the participating institutions, which bear regulatory and legal responsibility for that data, the BCB, in alignment with the LGPD, ensures that consumer consent is obtained for clear and lim - ited purposes, and for a specific duration. All consent requirements are designed to ensure that the data is not utilised beyond its intended purposes.
Monetary authorities in Brazil have not established a regulatory definition for the practice of “fraud” within the national financial system or Brazilian payment system, though such practice is usually deemed an estelionato (swindling) crime for Brazilian law purpos - es, defined as “obtaining, for oneself or for another, an unlawful advantage, to the detriment of others, by inducing or keeping someone in error, through artifice, Brazilian regulators, particularly the BCB, have priori - tised fraud prevention and mitigation as a core super - visory objective. Recent regulations applicable to institutions author - ised to operate by the BCB require such institutions to put in place internal controls aimed at prevent - ing, identifying and resolving fraud, as well as shar - ing with other authorised institutions information on fraud occurrence according to Joint Resolution No 6/22. Additional measures have been taken by the B2B within Pix payment rails to reduce fraud, such as: deceit, or any other fraudulent means”. 12.2 Areas of Regulatory Focus • the use of the transactional account identifier directory ( Diretório Identificador de Chaves Trans - actionais DICT) within Pix for marking fraudulent accounts and account holders in order to prevent such persons from opening new accounts and car - rying out new transactions; and • the creation of transaction limits, enhanced authentication mechanisms and the Special Return Mechanism ( Mecanismo Especial de Devolução MED) to reduce fraud risk and improve customer Recent judicial decisions in Brazil have established that institutions authorised by the BCB may be held liable for losses suffered by customers when fraud occurs because of insufficient internal controls or failures in security protocols. Courts have increas - ingly recognised that regulated entities have a duty to implement robust authentication procedures, effec - tive monitoring systems and adequate safeguards to protection within the PIX ecosystem. 12.3 Responsibility for Losses
114 CHAMBERS.COM
Powered by FlippingBook