BRAZIL Law and Practice Contributed by: Alessandra Martins and Amanda Blum Colloca, Machado, Meyer, Sendacz e Opice Advogados
internal risk assessment to mitigate and prevent the usage of their products and services for the purposes of money laundering or financing ter - rorism. The BCB also views regulated entities as gate - keepers in relation to fraud prevention. On 23 May 2023, the BCB and CMN issued Joint Reso - lution No 6, which requires data and information sharing about fraud between financial institu - tions, payment institutions and other institutions authorised by the BCB. These institutions must share data and information to prevent the occur - rence of fraud within the national financial sys - tem and the SPB. 2.10 Significant Enforcement Actions Enforcement actions taken by the regulatory authorities mentioned herein are based on Law No 13,506 of 13 November 2017( “Law 13,506/17” ). This law establishes the procedure for administrative sanctioning procedures with - in the scope of the BCB and the CVM, listing acts considered as administrative wrongdoings. Within the scope of the BCB, additional rules are provided by BCB Resolution No 131 of 20 August 2021( “Resolution 131/21” ), and within the scope of the CVM, additional rules are pro - vided by CVM Resolution No 45 of 31 August 2021( “Resolution 45” ). Sanctions that can be applied for administrative wrongdoings include (i) making the sanctioning public; (ii) pecuniary sanctions; (iii) prohibiting the provision of certain services; (iv) prohibiting certain activities or operations; (v) prohibiting institutions from acting as officers or assuming statutory roles authorised by the BCB; and (vi) licence revocation. It should be noted that the BCB and the CVM are legally allowed to accept the proposals of
administrative agreements (settlement terms) that follow specific requirements, such that administrative proceedings are not initiated against the contracting entity. 2.11 Implications of Additional, Non- Financial Services Regulations All public and private Brazilian entities that pro - cess data must comply with the Brazilian Gen - eral Data Protection Law ( Lei Geral de Proteção de Dados Pessoais LGPD), which applies to the processing of personal data by private and pub - lic entities. Specifically, financial institutions must also comply with CMN Resolution No 4,893 of 26 February 2021( “Resolution 4,893/21” ). Payment institutions, securities brokers and distributors and foreign exchange brokers must adhere to BCB Resolution No 85 of 8 April 2021( “Resolu- tion 85/21” ). Both rules establish the following: that authorised institutions must have cyber - security policies; the guidelines that must be contained in these policies; and the criteria for outsourcing data processing and cloud comput - ing services. 2.12 Review of Industry Participants by Parties Other than Regulators Financial institutions, payment institutions and other institutions authorised by the BCB must conduct internal and independent audits. CMN Resolution No 4,879 of 23 December 2020( “Res- olution 4,879/20” ) establishes the obligation for financial institutions to have internal audit units, and CMN Resolution No 4,910 of 27 May 2021( “Resolution 4,910/21” ) establishes the obligation for financial institutions to hire inde - pendent auditors. BCB Resolution No 93 of 6 May 2021( “Resolution 93/21” ) establishes the obligation for payment institutions and other institutions authorised by the BCB to have inter - nal audit units, and BCB Resolution No 130 of 20 August 2021( “Resolution 130/21” ) establishes
114 CHAMBERS.COM
Powered by FlippingBook