New Brazil bank regulations require significant compliance changes

In October, new regulations from the Brazilian Central Bank will go into effect targeting the prevention of the use of the financial system for money laundering, terrorist financing, the proliferation of weapons of mass destruction, and suspicious transaction reporting.

The update comes one year after the public consultation and a few months from the release of the new AML/CFT regulation for the securities market by the Brazilian Securities and Exchange Commission. In 2021, Brazil will receive a FATF inspection and has already been put on notice for its deficiencies.

Replacing old regulations from 2009, the new regulation further increases obligations covering various compliance aspects. The new regulation is largely in line with the definitions and latest updates of FATF and EU Directive 2015/849 (revised by EU Directive 2018/843).

Although topics such as virtual currencies, privacy, and data protection were not covered, the changes are considerable. Given the scope of the new regulation, entities will be required to overhaul existing policies and procedures significantly. Below are some key takeaways of the new regulation:

Risk Assessment. The first improvement concerns the obligation of carrying out a specific and documented risk assessment for AML/CFT, taking into account the regulated entities types of operations (products and services), distribution technologies, and different counterparts (customers, employees, partners, and service providers).

Politically Exposed Persons. The regulation enlarged the list of PEPs to comprise second-degree relatives and commercial relationships (close collaborator) – which reinforces the indispensability of databases to capture that information. Other additions include presidents and treasurers of political parties and the high ranking officials of States and Municipalities (secretaries, members of legislative houses, and heads of state entities and SOEs).

Beneficial Ownership. Regarding the identification of beneficial ownership, the institution must establish a reference value for the identification of direct and indirect equity interests, and the minimum required being 25 percent, which was already adopted by the Brazilian Banks Federation (FEBRABAN) self-regulation. Those who exercise de facto control over the activities (significant influence) of the legal entity are expressly included in the concept of beneficial owners.

Suspicious Transaction and Reporting. The regulation deals more clearly with the monitoring-selection and analysis of suspicious operations or situations, regulating each stage and the maximum deadlines for its performance (45 days each, the maximum of 90 days, including the reporting to the FIU). Customer due-diligence cannot be outsourced or performed overseas. However, both analysis and reporting to the FIU can be centralized in the case of a group.

Know Your Partner. The regulation emphasizes the need for reputational assessment and establishes parameters for due diligence in the relationship with other financial institutions abroad: the standard defines the minimum information that must be obtained.

Monitoring and Auditing. The innovative provisions require that regulated entities define indicators and test the program’s effectiveness. Such requirements were already present in audits carried out by the Brazilian Central Bank and are now highlighted in the standard.

Regulated entities should review their programs to meet new requirements before they go into effect on October 1, 2020. Hopefully, this joint effort by the public and private sectors will regain Brazil’s credibility in AML and CFT matters.