Use the Lexology Getting The Deal Through tool to compare the answers in this article with those from other jurisdictions.

Regulatory framework

Regulatory authorities

What national authorities regulate the provision of financial products and services?

Regulation and supervision of financial products and services are mostly entrusted to the National Monetary Council (CMN), the Central Bank of Brazil (Central Bank) and the Brazilian Securities Commission (CVM).

What activities does each national financial services authority regulate?

The CMN oversees the Brazilian monetary, credit, budgetary, fiscal and public debt policies. It is chaired by the Minister of Finance, and is formed of the Minister of Planning and the President of the Central Bank. The CMN regulates Brazilian financial institutions and currency, supervises Brazil’s reserves of gold and foreign exchange, sets out Brazilian savings and investment policies, and regulates the Brazilian capital markets to promote the economic and social development of Brazil. The CMN also oversees the activities of the Central Bank and of the CVM.

The Central Bank is responsible for implementing CMN policies on foreign currency and credit, means of payment, licensing and regulation of Brazilian financial institutions, including as regards the minimum capital and reserve requirements, disclosure of financial information and transactions by financial institutions, and monitoring and regulation of foreign investments in Brazil.

The Central Bank also supervises, inspects and imposes penalties on private and public financial institutions; monitors and approves the incorporation, functioning, transfer of control and reorganisation of financial institutions; receives compulsory withholdings and voluntary demand deposits from financial institutions; executes rediscount transactions and loans to financial institutions; and acts as depository of gold and foreign currency reserves.

The CVM is tasked with implementing the policies established by the CMN for securities, with the purpose of regulating, developing, monitoring and inspecting the securities and derivatives market and its participants (listed companies, investment funds, investors, custodians and other financial agents, asset managers, independent auditors, consultants and securities analysts). It also regulates, supervises and inspects publicly held companies; trades and brokerage in the securities and derivatives markets; the organisation, functioning and operation of stock markets, commodities and futures markets; and the management and custody of securities.

What products does each national financial services authority regulate?

The Central Bank regulates the products offered by financial institutions, such as credit instruments, consumer loans, fund transfers, equity investments, buyer and supplier credit, leasing, mortgage, brokerage, real estate lending; it also regulates means of payment and respective products (credit and debit cards, among others). For its part, the CVM regulates securities, publicly held corporations and public offerings, derivatives, investment advice, and investment funds and portfolios.

Authorisation regime

What is the registration or authorisation regime applicable to financial services firms and authorised individuals associated with those firms? When is registration or authorisation necessary, and how is it effected?

The authorisation regime is effected by the Central Bank. Under the federal constitution, foreign ownership interests in a Brazilian financial institution are subject not only to the Central Bank’s prior approval, but also to issuance of a decree by the President of the Republic confirming the national interest in and authorising such foreign equity holding. This presidential decree is also required for a foreign-based financial institution to open a branch in Brazil.

Licensing of new financial services firms, for which Central Bank approval is required, must follow the procedures prescribed by Resolution 4,122 of 2 August 2012, and Circular 3,649 of 11 March 2013. Any interested party may apply for approval. However, the person in charge of the licensing process must be technically qualified to conduct the project at the Central Bank, and the group organising the institution (in which the representatives of the future controlling group and future holders of qualified interest will participate) must be identified.

The application must contain:

  • a draft statement of intent;
  • an executive summary of the business plan;
  • the names and particulars of each member of the controlling group of the financial institution and the holders of qualified equity interest (direct or indirect interest held by individuals or legal entities, corresponding to 15 per cent or more of shares representing the total capital stock of the financial services firm), stating their respective ownership interests;
  • the names and particulars of individuals and legal entities that are part of the same economic group as the financial institution and that may directly or indirectly influence its business;
  • statements and documents evidencing that the economic group members are knowledgeable in the line of business and segment in which the institution intends to operate, and also in market dynamics, sources of operating funds, management and risks related to the intended operations;
  • identification of the origin of venture funds; and
  • an authorisation from all members of the controlling group and from all holders of qualified equity interest to the Brazilian Federal Revenue Office and to the Central Bank granting access to relevant information.

If the application is approved by the Central Bank, the applicant, before the financial institution is authorised to begin operations, must:

  • formalise the constituent documents of the financial institution, arranging for their registration with the relevant commercial registry after approval by the Central Bank;
  • implement the organisational structure (eg, corporate governance, business management, internal control and risk management structure); and
  • apply to the Central Bank for an inspection into actual implementation of the organisational structure.

After the inspection, the applicant must show that the following procedures have been adopted:

  • amendment to the by-laws of the financial institution to make its corporate capital correspond to the amount previously established in the business plan;
  • election of senior managers and other members of the bodies of the financial institution; and
  • evidence of the origin of funds used in the undertaking.

Once the Central Bank confirms that the above conditions have been satisfied, the financial institution is licensed to operate.

On being authorised to do business in Brazil, financial institutions become subject to the Central Bank’s supervision. Prior approval from the Central Bank is mandatory for all amendments to their acts of incorporation; election of directors and officers; capital increases and reductions; disposal of control; mergers, spin-offs and consolidation; and other non-routine corporate acts of those financial institutions.

Financial institutions can also set up representative offices in Brazil with the Central Bank’s prior approval. These offices are meant to conduct non-transactional operations, serving only as a point of contact between the foreign-based parent and clients domiciled in Brazil. A representative office cannot engage in any activity that is solely attributable to a Brazilian financial institution, or its authorisation will be cancelled (without prejudice to other administrative and criminal sanctions).

Finally, entities operating in fields related to capital markets, such as asset managers and advisers, investment consultants and agents, custodians, and investment funds, are subject to authorisation or registration with the CVM.

Legislation

What statute or other legal basis is the source of each regulatory authority’s jurisdiction?

Besides the federal constitution, the main statutes that are the source of national authorities’ jurisdiction over financial products are Law 4,595 of 31 December 1964 (the Banking Law), which created the CMN and deals with monetary, bank and credit institutions and policies, among other issues, and Law 6,385 of 7 December 1976 (the Securities Market Law), which created the CVM and deals with securities market activities.

What principal laws and financial service authority rules apply to the activities of financial services firms and their associated persons?

In addition to the laws referred to under question 5, the CMN, Central Bank and CVM issue regulations (resolutions, circulars, rulings, among others).

Scope of regulation

What are the main areas of regulation for each type of regulated financial services provider and product?

Brazilian financial institutions are subject to a number of limitations and requirements. In general, these concern the offering of credit, risk concentration levels, investment levels, operating procedures, loans and other transactions in foreign currency, the administration of third-party funds and micro-credit. Brazilian financial institutions must:

  • meet minimum capital and reserve requirements, and must observe certain operational limits;
  • abide by the principles of selectivity, guarantee, liquidity and risk diversification;
  • not lend more than 25 per cent of their regulatory capital to a single person or group;
  • observe the rules regarding prohibited activities in related party transactions;
  • comply with know-your-client anti-money laundering and anti-corruption regulations; and
  • put policies and internal procedures in place to monitor their financial, operating and management information systems, and their compliance with all applicable regulations.

Since January 2014, financial institutions must submit to the Central Bank, monthly and semi-annually, consolidated financial statements based on the ‘consolidated enterprise level’ on a prudential basis of which the financial institution is a member, which serve as grounds for calculation of the level of regulatory capital applying to Brazilian institutions.

Furthermore, the Central Bank currently imposes a host of compulsory reserve requirements. Financial institutions must keep those reserves deposited with the Central Bank, which uses them to control liquidity in the Brazilian financial system. Reserve requirements on time deposits, demand deposits and saving accounts represent almost the entirety of the amount that must be deposited with the Central Bank.

Additional requirements

What additional requirements apply to financial services firms and authorised persons, such as those imposed by self-regulatory bodies, designated professional bodies or other financial services organisations?

The Brazilian financial and capital markets are also subject to regulation issued by self-regulatory bodies: B3 - Brasil, Bolsa, Balcão SA; the National Association of Investment Banks - ANBIMA; the Brazilian Banks Federation - FEBRABAN; the Brazilian Association of Credit Card and Services Companies - ABECS; and the Brazilian Association of Publicly Held Companies - ABRASCA, among others.

B3 manages organised exchange and over-the-counter markets, offering trading, clearing and settlement systems for all main classes of assets ranging from stocks and bonds to currencies and financial and commodity derivatives, also acting as central counterparty to transactions carried out in its environment. It also provides a platform for registration of over-the-counter transactions; acts as a central securities depository; operates listing services for issuers of securities; and licenses indices, software and market data, among other activities. Its supervisory arm, BSM - BM&FBovespa Market Supervision, is a non-profit organisation created for autonomous execution of self-regulation in the markets operated by B3. BSM is tasked with supervising the B3 Group markets; monitoring operations, orders and trades executed in its trading environments; supervising market participants; and, if necessary, applying penalties to infringers.

ANBIMA represents and defends the interests of its members including banks, asset managers, brokers, securities dealers and investment advisers. It issues and supervises implementation of compulsory guidelines on a number of areas (eg, investment funds, public offerings, private banking). It is also responsible for accreditation in specific areas.

FEBRABAN is the main representative body of the Brazilian banking industry. FEBRABAN rules and directives (such as the self-regulation code of banking practice) are binding on its members.

In general, B3, ANBIMA, FEBRABAN and other entities set forth additional self-regulatory requirements such as guidelines and regulations with regard to securities and derivatives transactions, investment funds and public offerings.

Enforcement

Investigatory powers

What powers do national financial services authorities have to examine and investigate compliance? What enforcement powers do they have for compliance breaches? How is compliance examined and enforced in practice?

The Central Bank and the CVM have administrative powers to examine and investigate compliance, and to punish infractions.

Compliance is examined through a number of periodical filings by financial services firms (including a number of online filings), coupled with site inspections carried out by the Central Bank and the CVM.

Disciplinary powers

What are the powers of national financial services authorities to discipline or punish infractions? Which other bodies are responsible for criminal enforcement relating to compliance violations?

The Central Bank and the CVM can impose the following penalties on firms and individuals for compliance breaches:

  • admonishment;
  • cash penalty;
  • prohibition from the exercise of certain activities or rendering certain services; and
  • cancellation of the licence to operate, partly or completely.

An administrative proceeding begins when the Central Bank or the CVM notifies the financial institution of the alleged infraction. The financial institution then presents a defence. The Central Bank or the CVM may request additional information and documents, and then renders a decision. The financial institution may appeal to the Board of Appeals of the National Financial System (CRSFN), a collegiate body responsible for hearings at second and final administrative levels. The CRSFN decision may be challenged in court.

The Banking Law originally provided the administrative penalties that the Central Bank and the CVM could impose on regulated entities. On 13 November 2017, the Brazilian President sanctioned Law 13,506 modifying the administrative procedures and penalties applicable to regulated entities (with no effects in the criminal area).

The four key changes are:

  • The cap on fines has increased to 2 billion reais or 0.5 per cent of the revenue of the institution (for fines imposed by the Central Bank); and 50 million reais, two times the amount of irregular securities issue or transaction, three times the amount of the economic advantage gained or loss avoided due to the violation, or two times the losses caused to investors (for fines imposed by the CVM).
  • The new law establishes the possibility of signing a settlement commitment, which does not include an acknowledgement of guilt.
  • The act introduces the possibility of leniency agreements, by which the defendant agrees to confess to and provide information and evidence on the wrongdoing and, in exchange, receives a discharge or reduction of penalties.
  • Harsher preventive measures are now in place, such as a request for information or cessation of an act that, in case of contempt, is punishable by fines up to 100,000 reais per day (capped at 60 days) or injunction measures to remove senior managers from office.

 

This new sanctioning regime is already in effect, and does not apply retrospectively to misconduct that pre-dates the new legislation.

In the criminal sphere, only the Public Prosecutor’s Office has powers to prosecute compliance violations before the criminal courts.

Tribunals

What tribunals adjudicate criminal and civil financial services infractions?

Both federal and state courts have jurisdiction to adjudicate on claims and complaints dealing with financial matters.

Second-instance courts (represented by regional federal courts at federal level; and by appellate state courts at state level) typically have chambers, panels or sections responsible for reviewing and ruling on banking and financial matters.

The Superior Court of Justice (STJ) and the Federal Supreme Court (STF) are the highest appellate courts in the Brazilian court system. These mainly adjudicate cases already decided by regional federal courts or appellate state courts. The STF jurisdiction is triggered when the regional federal court or appellate state court issues a decision allegedly in breach of the federal constitution. The STJ’s jurisdiction is triggered by a decision that allegedly breaches a federal law.

Penalties

What are typical sanctions imposed against firms and individuals for violations? Are settlements common?

Law 13,506 also establishes the penalties against firms and individuals for violations, which are:

  • admonishment;
  • cash penalty up to:
  • two billion reais; or
  • 0.5 per cent of the financial services firm’s gross revenue from financial services and products as ascertained in the year before that of the breach, or, in case of an ongoing violation, in the year before that of the last breach;
  • prohibition for up to 20 years from engaging in certain activities or rendering certain services (applicable in case of severe violation);
  • disqualification for up to 20 years from holding senior management positions or from serving as a member of governing or supervisory bodies of financial institutions (applicable in cases of severe violation); and
  • cancellation of the authorisation to operate, partly or completely (applicable in case of severe violation).

Severe violation means practices that produce or may produce any of the following effects:

  • causing damage to the liquidity, solvency or soundness or assuming a risk incompatible with the economic condition of a financial institution or any other institution supervised by the Central Bank;
  • contributing to disorder in the financial system or disrupting the stability or smooth functioning of the national financial system;
  • concealing by any means the actual economic or financial condition of a financial institution or any other institution supervised by the Central Bank;
  • seriously affecting the continuity of activities or operations within the Brazilian payment system; and
  • causing the population to lose confidence in financial and payment instruments.

Specific orders followed by orders to comply are a feature of the day-to-day supervisory roles of the Central Bank and the CVM. After starting an administrative proceeding, settlement commitments have long been used by the CVM to end cases quickly and avoid the costs of prosecution; only recently has Law 13,506 instituted a settlement commitment for use at Central Bank level.

Compliance programmes

Programme requirements

What requirements exist concerning the nature and content of compliance and supervisory programmes for each type of regulated entity?

According to Resolution 2,554, of 24 September 1998, financial institutions and other institutions authorised to operate by the Central Bank should establish internal policies and procedures to monitor their:

  • activities;
  • financial, operational and management information systems; and
  • compliance with all regulations they are subject to.

In this regard, a financial institution is responsible for:

  • implementing an effective in-house monitoring structure;
  • defining responsibilities and monitoring procedures, setting out the corresponding objectives at all levels of the institution; and
  • verifying compliance with internal procedures.

These internal controls should be effective and in line with the nature, complexity and risk of the transactions the institutions undertake.

Additionally, financial institutions must be audited by independent accountants, and appoint an executive officer responsible for compliance with all regulations related to financial and auditing records.

Financial institutions should also comply with anti-money laundering and know-your-client requirements, which, under Brazilian law and regulations, are set forth in Law 9,613 of 3 March 1998, as amended, and in regulations issued by the Central Bank and the CVM. Anti-money laundering and know-your-client rules apply to financial institutions and to a comprehensive list of entities engaging in financial and payment-related activities, which must observe certain requirements related to identification of clients and record keeping, including:

  • identifying clients and keeping their records updated; and
  • keeping a record of every transaction in Brazilian or foreign currency, securities, credit instruments, metals or other assets convertible into cash, when exceeding the thresholds set out by the competent authorities.

Gatekeepers

How important are gatekeepers in the regulatory structure?

As stated above, financial institutions must be audited by independent accountants and appoint an executive officer responsible for compliance with all regulations related to financial and auditing records. In addition to audit reports, independent accountants are also tasked with:

  • evaluating the financial institutions’ internal controls and procedures for managing risks, presenting any potential failings verified; and
  • describing any non-compliance with regulations applicable to the statements and activities of financial institutions.

Further, the financial institutions that meet the requirements established in CMN Resolution 3,198 of 2004 must have an audit committee, whose principal functions are to:

  • nominate the independent accountants to be elected by the board of directors;
  • supervise the work of independent accountants;
  • revise the financial records for each half-year period, as well as the administrative and auditing reports;
  • supervise accounting and auditing, including compliance with internal procedures and applicable regulations;
  • evaluate whether the financial institution’s management complies with the guidelines provided by independent accountants;
  • offer guidance to directors and officers with regard to internal controls and procedures to be adopted; and
  • meet with directors and officers, independent accountants and internal accountants to verify compliance with its guidelines.

Financial institutions must also set an ombudsman’s department to ensure compliance with the rules on consumer rights and to act as an interface between the financial institution and its customers and other users of its products and services, also serving as mediator in conflicts.

More recently, the financial institutions have been required to have a compliance policy establishing the scope and purpose, organisational structure, and the personnel allocated to the compliance function; and establishing a segregation of roles among personnel to avoid conflicts of interest (see ‘Update and trends’).

In addition to the above, financial services firms must also set up an adequate continuous and integrated risk management structure, as provided by Resolution 4,557, of 23 February 2017, and maintain an internal audit activity commensurate with the nature, size, complexity, structure, risk profile and business model of the institution, as established by Resolution 4,588, of 29 June 2017.

Directors' duties and liability

What are the duties of directors, and what standard of care applies to the boards of directors of financial services firms?

A financial institution may be managed by a board of directors, executive officers or both (senior management).

The board of directors is a decision-making body with authority to establish the company’s business policy in general; to elect and dismiss executive officers; to set the duties and monitor the day-to-day managerial actions taken by the executive officers; to express an opinion in advance on any matters to be submitted to the shareholders; and to approve the implementation by the executive officers of specific matters prescribed by law or under the company’s by-laws.

The executive officers, among other duties, represent the company in its business interactions with third parties. The by-laws may establish that certain managerial decisions should be taken in executive officer meetings only.

Law 6,404 of 15 December 1976 (the Corporation Law) sets forth the fiduciary duties and liabilities applicable to senior managers.

The fiduciary duties applicable to senior managers and to members of technical or advisory bodies assisting them (provided such bodies were created through the company’s by-laws) are summarised below:

  • Duty of care: senior managers must devote to the company’s business the same standards of care and diligence that any active, diligent and honest person uses in the administration of his or her own business, using the powers conferred on them to achieve the goals of the company and acting in the best interests of the latter.
  • Duty of loyalty: senior managers must act with loyalty, putting corporate’s affairs ahead of their own.
  • Duty of acting without conflict of interests: senior managers must always act with no conflicting interests, not intervening in any transaction that involves a conflict of interests with the company, or in any decision that the other board members may take about it.
  • Duty to inform: this applies specifically to publicly held corporations.

When are directors typically held individually accountable for the activities of financial services firms?

In general, the liability of senior managers of joint stock companies is set forth in article 158 of the Corporation Law. Senior managers will not be deemed personally liable for obligations assumed on behalf of the company by virtue of a regular act of management. However, senior managers are individually held accountable for any damage caused by acts committed with fault or intent; or in violation of the law or by-laws.

Senior managers are liable in the civil sphere for damage caused when acting with fault (negligence, recklessness or incompetence) or intent, even if they have not acted beyond their purposes or powers. An abuse of power occurs when a senior manager exceeds the powers or authority prescribed by law or under the by-laws, acting contrary to the interests of the company, its shareholders or third parties; a misuse of power is held to exist when a senior manager performs apparently legal acts (formal legality) other than for the purpose for which he or she was granted the powers of ordinary management.

Further, senior managers are liable:

  • for the damage originating from breach of the duties imposed by law to ensure the normal functioning of the financial institution;
  • for breach of banking rules, especially in their specific areas of expertise; and
  • in case of intervention and non-judicial liquidation of financial institutions (bank resolution) as provided by Law 6,024 of 13 March 1974.

Finally, unlike in most countries, in Brazil, the controlling shareholders are jointly and severally liable for the liabilities exceeding assets of the financial institution in case of bank resolution.

Private rights of action

Do private rights of action apply to violations of national financial services authority rules and regulations?

Article 5 of the federal constitution establishes that the law shall not exclude any injury or threat to a right from consideration by the judiciary. Accordingly, it is possible for individuals - as well as for consumer protection associations or the Public Prosecutor’s Office - to bring suit for the alleged violation of financial regulations.

Civil lawsuits related to financial and banking matters are numerous and spare no financial institution - from banks and payment agencies to banking correspondents and investments funds, among others. Banking litigation typically arises in disputes on financial transactions, interest rates, improper charges, pricing, and defective products or services.

Standard of care for customers

What is the standard of care that applies to each type of financial services firm and authorised person when dealing with retail customers?

Brazil’s legal system is based on the Civil Code, under which a duty to redress is subject to the existence of an illicit act, and to a causal relation between the illicit act and the loss caused to the aggrieved person.

In principle, there is no separate legal framework for financial institutions based on a special duty of care. But the CMN and the Central Bank have issued a number of different rules to protect consumers, and the STF, in a landmark decision on 7 June 2006, has held that the Consumer Protection Code applies to the relationship between banks and consumers as well. The STJ has sided with this view, and has issued from time to time interpretative rulings establishing the liability of financial institutions on specific matters.

Does the standard of care differ based on the sophistication of the customer or counterparty?

Yes. As noted under question 18, financial institutions are subject to a dual system of liability in Brazil:

  • for corporate clients, the basic principles of civil law liability; and
  • for consumers, a more protective system based on rules issued by the supervisory authorities and based on the Consumer Protection Code.

In addition, there are a number of rules requiring disclosure of products and services, and limiting the fees and other amounts charged to consumers on such products and services.

The trend is that court rulings will increasingly lean toward application of the Consumer Protection Code to banking agreements and toward revision of these agreements to make them less burdensome for consumers. In addition, the CMN and the Central Bank issue from time to time specific rulings on consumer rights in the banking industry.

The basic consumer rights with regard to financial institutions are as follows:

  • the burden of proof is reversed in court;
  • financial institutions must ensure that proper and clear information is provided on the different products and services offered, with accurate specifications for quantity, characteristics, composition, quality and price, and on any risks such products may pose;
  • the products and services being offered or recommended must be adequate to the needs, interests and objectives of clients and users (suitability);
  • financial institutions are prohibited from releasing misleading or improper advertisement or information about their contracts or services, as well as promoting overbearing or disloyal commercial practices;
  • financial institutions are liable for damage caused to their clients by any misrepresentation in their advertisement or information provided;
  • interest on consumer credit and related transactions must be proportionally reduced in case of early payment of debts;
  • debt collection actions cannot be threatening or expose the client to embarrassment; and
  • amounts charged improperly in bad faith must be returned at twice the excess payment (except for excusable error, such as a system or operational error).

Rule making

How are rules that affect the financial services industry adopted? Is there a consultation process?

It is common that the regulations issued by the CMN, Central Bank and CVM, when involving relevant aspects of the national financial system, are first taken to public consultation, during which they are open to suggestions and statements from the general public.

Cross-border issues

Cross-border regulation

How do national financial services authorities approach cross-border issues?

With regard to cross-border issues in Brazil, no regime of mutual recognition, substituted compliance or exemption applies. The Central Bank and the CVM regulate financial institutions in all aspects. They may, however, enter into international arrangements for the exchange of information, in benefit of international financial and monetary integration.

International standards

What role does international standard setting play in the rules and standards implemented in your jurisdiction?

Brazil is a member of the Group of Twenty (G20), the premier forum for its members’ international economic cooperation and decision-making. Further Brazil has adopted the Basel Committee’s accords.

As for the securities market, the CVM was a founder member and of the International Organization of Securities Commissions (IOSCO).

The Central Bank supervises the Brazilian banking system in accordance with the Basel Committee on Banking Supervision (Basel Committee) guidelines and other applicable regulations, including the Basel II and Basel III accords, under which a bank’s own resources must cover its principal risks, including credit risk, market risk and operational risk.

Update and trends

Update and trends

Updates and trends

New compliance policy requirements

In August 2017, the CMN enacted a new rule establishing that Brazilian financial institutions and other institutions authorised to operate by the Central Bank must implement and maintain a compliance policy compatible with the nature, size, complexity, structure, risk profile and business model of the institution. This compliance policy is intended to ensure an effective compliance risk management by the institution and may be established at the ‘consolidated enterprise level’.

The compliance policy must be approved by the board of directors, which is tasked with ensuring adequate management of the compliance policy throughout the institution; its effectiveness and continued application; its communication to all employees and service providers; and making integrity and ethical standards part of the institutional culture. The board of directors is also responsible for ensuring the application of measures in cases of non-compliance, and for providing the necessary resources for adequate conduct of compliance functions.

Compliance policies had to be implemented by 31 December 2017.

Overhaul of the administrative sanctioning

On 13 November 2017, the President sanctioned Law 13,506 modifying the administrative procedures and penalties applicable to financial services entities. See questions 10 and 12.